[rhn-users] Updates not so up2date

Iustin Pop iustin.pop at orange.ro
Tue Mar 9 07:30:00 UTC 2004


On Tue, 2004-03-09 at 07:39, Adam Ullman wrote:
> I recently performed a port scan using Nessus (http://www.nessus.org) 
> of my Red Hat 9.0 webserver which is fully up to date (apparently) 
> and found a lot of security holes due to using old versions of 
> software. For example httpd-2.0.40 when 2.0.48 is available and 
> sendmail-8.12.8-9 when 8.12.10 is available.
Don't be fooled by version numbers. That 2.0.40 has all (?) the security
patches backported. The reason RH doesn't install the newest version is
that it contains more than security fixes, and it could impact your
application. I believe this will/has changed in Fedora.
> 
> What's the deal with this? Why aren't Red Hat installing the latest 
> versions automatically? Especially when security holes are found in 
> the existing versions?? Do I have to go and update everything on my 
> own?
Nope. Just be sure to _read_ the security advisories from Red Hat, which
state:

  "Users of the Apache HTTP Server should upgrade to these erratum packages,
  which contain backported patches correcting these issues, and are applied
  to Apache version 2.0.40."

Regards,
Iustin Pop
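
One way to check the backport claim above against the package itself, shown as an added example that is not part of the original message: search the RPM changelog for the advisory ids a scanner reports instead of comparing upstream version numbers. The function name `backport_status`, the sample changelog and its placeholder ids are constructed for illustration, and the code assumes each changelog header line ends with the version-release string.

```shell
#!/bin/sh
# Added example: report whether a package changelog mentions a fix for each
# given CVE id, rather than judging patch level from the upstream version.

# Constructed sample in the layout printed by `rpm -q --changelog`; the ids,
# packager and release strings are placeholders, not real advisories.
SAMPLE_CHANGELOG='* Mon Mar 01 2004 Example Packager <pkg@example.com> 2.0.40-21.11
- add security fix for CAN-0000-0002

* Mon Dec 01 2003 Example Packager <pkg@example.com> 2.0.40-21.9
- backport upstream fix for CVE-0000-0001'

# backport_status ID...
#   Reads changelog text on stdin and prints one line per id:
#     "<id> patched-in <version-release>"  or  "<id> not-mentioned"
#   Returns the number of ids that were not mentioned (0 = all found).
backport_status() {
    log=$(cat)
    missing=0
    for id in "$@"; do
        # Older advisories use the CAN- candidate prefix, so match on the
        # numeric part and accept either prefix in the changelog.
        num=${id#*-}
        rel=$(printf '%s\n' "$log" | awk -v n="$num" '
            /^\* / { rel = $NF }    # assumption: last header field is version-release
            $0 ~ ("(CVE|CAN)-" n "([^0-9]|$)") { hit = rel }
            # Entries are newest first, so the last hit is the oldest release
            # that carried the fix.
            END { if (hit != "") print hit }')
        if [ -n "$rel" ]; then
            echo "$id patched-in $rel"
        else
            echo "$id not-mentioned"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}
```

On an installed system the input would come from `rpm -q --changelog httpd | backport_status <ids from the scan report>`; an id reported as not-mentioned still needs checking against the vendor's advisory, since changelog wording varies.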