What does "supported" mean for Fedora Core 1 software?
jludwig
wralphie at comcast.net
Tue Apr 13 14:57:10 UTC 2004
On Tue, 2004-04-13 at 10:07, StoneBeat wrote:
> I have a doubt, imagine that tomorrow someone discovered that OpenSSH shipped
> with Fedora Core 1 had a remote exploitable vulnerability.
>
> How would i be able to get the patch for this vulnerability ?
>
> would i be able to get patched using "yum update" ?
>
> would Redhat / Fedora publish an Update in
> http://fedora.redhat.com/updates/released/ ?
>
>
> El Lunes 12 Abril 2004 22:03, Bill Nottingham escribió:
> > Christofer C. Bell (cbell at jayhawks.net) said:
> > > What does "support" mean for Fedora Core 1 software? I'm not trying to
> > > sound like sour grapes, but I'm honestly curious. I've submitted a
> > > couple of bug reports (and submitted the fix with one of them) and so far
> > > both have come back closed with "fixed in rawhide."
> > >
> > > I guess I don't know what this means, exactly.
> >
> > Rawhide means that it's fixed in the development tree. If this
> > is done before FC2 is finalized, this generally means that it will be
> > fixed in FC2.
> >
> > Bill
In a word yes. The Linux community as a whole has had patches out faster
than any other O.S. Also Red Hat has been prompt to post these patches
when available. Also, just because a 'vulnerability' is found doesn't
mean it is actually exploitable. A lot of these are problems such as
buffer overflows or bad special character parsing.
At best they allow a chance for exploitation and usually require a fair
amount of programming skill, time, and failed attempts for a cracker,
usually through zombies. Most crackers would move on to an easier target
unless you are the 'specific' target.
The reality of system compromises are from an internal nature S.A. my
old employer would remove all sensitive data from hard drives, but left
user names and passwords on the disk. Not until I took my PHLAK disk and
went through the disk with the office manager did this change!
Users are forever downloading worms, trojans, and viruses on systems.
Uneducated users they are the greatest liability to security.
If your system is updated, say monthly, and your firewall properly set
up and maintained, the major issue becomes users.
--
jludwig <wralphie at comcast.net>
More information about the fedora-list
mailing list