Yum failing me...
James Wilkinson
fedora at westexe.demon.co.uk
Thu Jul 28 16:40:24 UTC 2005
Dotan Cohen wrote:
> Yes, but we do not always know when/if there is a security patch. I
> just yum update and not worry. Unless, of course, it doesn't work!
Claude Jones wrote:
> You could 'always know' this, if you were to subscribe to the
> fedora-announce-list
> http://www.redhat.com/mailman/listinfo/fedora-announce-list
> This is a very low-volume list that will always keep you notified of patch
> releases.
The only patch notifications I can see on the list are for Fedora Core.
As far as I know, there is no equivalent list for Fedora Extras. For
instance, ClamAV was updated recently, moving the package to 0.86.2.
This appears to fix an Outlook-sized vulnerability[1].
The only alert I've seen is at http://lwn.net/Articles/145061/, for
Gentoo.
Am I missing something, or do we just have to be careful when installing
sensitive stuff from Extras?
James.
[1] A "specially crafted" file can cause it to run arbitrary code. Since
it's an anti-virus product, it's often used to automatically scan
incoming e-mail. So an attacker could get ClamAV to run his (or her)
code merely by e-mailing such a file to the right site.
--
E-mail address: james | Fengor the Mauve could never figure out why the other
@westexe.demon.co.uk | wizards didn't take him seriously, but he knew all
| that would change once he managed to extract gold from
| a chicken. -- Ursula Vernon, on www.metalandmagic.com
More information about the fedora-list
mailing list