[TriLUG] RH Updates
Jon Carnes
jonc at nc.rr.com
Thu Nov 7 21:35:03 EST 2002
Hay, I notice that Mandrake was on top of it (or at least there a week
earlier...). :-)
And as long as we are showing our dirty underwear lets mention the SSH
vulnerability where Red Hat only provided RPMS for the 7.x series and
left all us folks still using the 6.x series to swim on our own. I had
to update 22 boxes by hand (using the source).
Jon
On Thu, 2002-11-07 at 20:09, Tanner Lovelace wrote:
> On Thu, 2002-11-07 at 09:38, Jon Carnes wrote:
> > In general the RPM fix for a vulnerability will follow
> > within 8 hours of the fix being available via source.
> >
> > The slowest I've seen an rpm fix come out in rpm is 2 days after the
> > Source was fixed. Of course that can seem like an eternity!
>
> Well, Jon,
>
> Take a look at this URL:
>
> http://lwn.net/Vulnerabilities/14029/
>
> Not only did it not come out within a few days, it took almost
> two weeks for Redhat to come out with a fix. Five other distributions
> had fixes out before redhat did.
>
> Now, perhaps Redhat's system isn't affected by this, but even so,
> with so many other vendors fixing it, I believe they should
> have at least said something about it.
>
> Tanner
> --
> Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
> --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
> GPG Fingerprint = A66C 8660 924F 5F8C 71DA BDD0 CE09 4F8E DE76 39D4
> GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
> --*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
> This would be a very good time to hang out with the Open Source
> people, before they get formally reclassified as a national security
> threat. -- Bruce Sterling
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
> http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
More information about the TriLUG
mailing list