Ethereal and other Security Questions

Jim Hayward jimhayward at earthlink.net
Mon Nov 10 22:39:46 UTC 2003


On Mon, 2003-11-10 at 10:25, The Matt wrote:
>  After getting the ethereal RHSA just now,
> I wondered aloud...is Fedora Core vulnerable?  

According to the bulletin all versions <= 0.9.15 are vulnerable. FC1
comes with ethereal-0.9.13-4.1. So I would say it is probably
vulnerable.

> How about the recent CUPS and coreutils RHSAs? 

The CUPS bulletin was for versions prior to 1.1.19. FC1 comes with
1.1.19 so it appears to be alright. Doing a quick check of "ls" in the
FC1 coreutils package to see if it suffers from the reported problem the
answer is, yes it does.
 
>   So, I ask again, what is the security/bug procedure of Fedora
> Core?  Is there a "FCSA" list out there that mimics RHSA that I can
> subscribe to? 

That's a good question as to how security issues are going to be handled.
There does not appear to be a fedora-watch-list at this time.

> 
> Should I grab the Red Hat 9 packages to shore up these security holes if
> the FC1 packages don't cover them (e.g., get ethereal*.0.9.16 until an
> FC1 release appears)?

I just grabbed the SRPM for the RH 9 errata and will compile it for my
Fedora box. For the coreutils issue, I just grabbed the patches from the
bug-coreutils mailing list. Will look at adding them to the current FC1
package and recompiling it. 


Regards,
	Jim H




