WordPress backports security updates usually 1-3 versions back but they don’t promise anything.
The WordPress LTS philosophy is that LTS = “Long Term Suckage“
The Long Term Suckage theory is:
While I like the theory of LTS, what
happens in practice is it covers up
the incompetence of IT or developers
because they put off small slightly
painful upgrades until they get so out
of date of trunk (3 years? 5 years?)
and you have to go through a giant,
painful, screws everybody over
upgrade. —Matt Mullenweg
Like how your sysadmin doesn’t want to update PHP now that it’s 6 years old and 2 major branches behind.
I would point my sysadmin to this thread from the RedHat mailing list from 2009. There are 3rd party packages available so you don’t have to compile from source
If the version of php you need is not
available in rhn you could use some
3rd party repos like rpmforge, ATrpms
or the Remi Collet Repository that is
specially made for mysql 5.1 and
php5.2.9 under EL5.
I would be more concerned about PHP 5.1 branch security issues than something that might come up with WordPress.
Edit:
Also found this official RedHat announcement from Jan 2011 RHEL 5 now shipping with PHP 5.3.