http://www.fedoralegacy.org provides updates for RH9 - I've implemented a YUM server that automates the updates, everything is nice and cool...but then I decided to scan my 'updated' linux box with a security scanner and it showed me a couple of critical vulnerabilities....one of them was some overflow in httpd and they recommend upgrading it to version 2.0.46.
The 'updated' version available from fedoralegacy is 2.0.40 (???), rpmfind.net provides it only up to 2.0.40 (that I can understand) - what I don't understand is how I can actually perform the real update if the version is not available....
Ideas?
Not that familiar with RH9, but on RHEL the backported patched rpms cause nessus to put up red flags on things such as ssh. Could it be just that the scanner is looking at the version reported by the software and not taking into account a backported package? Sometimes nessus is good enough to let you know that you need to be at a certain package errata level if there's a false positive.
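One way to test the reply's hypothesis, as an added example that is not part of the original posts: look for the scanner's advisory ID in the installed package's RPM changelog instead of trusting the version banner. The function names, the `CVE-YYYY-NNNN` placeholder ID and the sample changelog (including its release string and packager) are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a version-banner scanner finding against the RPM
# changelog, where backported fixes are normally recorded by the packager.

# classify_finding ID
# Reads `rpm -q --changelog <pkg>` text on stdin and prints a verdict.
# -F: treat the ID as a fixed string, -w: whole-token match so one ID is not
# matched as a prefix of another, -i: ignore case.
classify_finding() {
    if grep -qiwF -- "$1"; then
        echo "backported-fix-present"   # finding is probably banner-only
    else
        echo "fix-not-found"            # treat the finding as real until proven otherwise
    fi
}

# Constructed sample changelog (not real package data). The upstream version
# stays at 2.0.40 while the release field advances with each backported fix.
sample_changelog() {
cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.invalid> 2.0.40-21.legacy
- backport upstream fix for mod_example overflow (CVE-YYYY-NNNN)

* Sun Dec 31 2000 Example Packager <packager@example.invalid> 2.0.40-20
- rebuild
EOF
}

# Stand-alone use on a live system: ./triage.sh httpd <advisory-id>
if [ "$#" -ge 2 ]; then
    log=$(rpm -q --changelog "$1") || { echo "package-not-installed"; exit 2; }
    printf '%s\n' "$log" | classify_finding "$2"
fi
```

A "fix-not-found" verdict only means the packager did not name that ID in the changelog, so check the distribution's errata notice for the installed release before concluding either way.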