Outdated packages with security issues
Just scanned an up-to-date RHEL7.6 and with Nessus and got the following issues:
Severity: HIGH
RHEL 7 : glusterfs (RHSA-2018:3432)
Severity: MEDIUM
RHEL 7 : Red Hat Ceph Storage 2.5 (RHSA-2018:2261)
RHEL 7 : Storage Server (RHSA-2018:2613)
Remote package installed : glusterfs-3.12.2-18.el7
Should be : glusterfs-3.12.2-25.el7
Remote package installed : glusterfs-client-xlators-3.12.2-18.el7
Should be : glusterfs-client-xlators-3.12.2-25.el7
Remote package installed : glusterfs-fuse-3.12.2-18.el7
Should be : glusterfs-fuse-3.12.2-25.el7
Remote package installed : glusterfs-libs-3.12.2-18.el7
Should be : glusterfs-libs-3.12.2-25.el7
Remote package installed : librados2-10.2.5-4.el7
Should be : librados2-10.2.10-28.el7cp
Remote package installed : libtdb-1.3.15-1.el7
Should be : libtdb-1.3.15-4.el7
So RedHat knows about these issues, recommends the install of newer versions that seem to be available somewhere, but they are missing from the RHEL7 repositories.
Why does RedHat not take care of these issues ? How can we solve this. We need to update a customer system and prove that there are no known Vulnerabilities with severity "HIGH" or "MEDIUM"