Updating packages to address vulnerabilities

Hello community

What is the best approach of dealing with and addressing vulnerabilities without breaking/affecting system functionality. Our security team recently ran a vulnerability scan on our Bahmni installation and a lot of issues (CVEs) were picked. These were mostly to do with apache, postgres and OpenSSH. An update of these packages would obviously fix some of these issues but I am concerned that this would most likely break system functionality. Below are the package versions which are currently installed and which I intend to update (yum update).

  • PostgreSQL - 9.6.15
  • Apache - 2.4.6
  • OpenSSH_7.4p1, OpenSSL 1.0.2k-fips

Would running yum update for these packages cause issues with the application. We are on OpenMRS 0.92 and Centos 7.6.1810