- TalkBack 1 of 8:
- Next »
- Thread View
- Flat View
- Veryy misleading title - Mega Patch
-
As you stated, there are 3 critical vulnerabilities, but they're in user packages, not core OS internals.
Ekiga (formerly Gnome Meeting - an H.323 client)
Firefox This is the 1.5.0.10 patch that everyone knows about - nothing new
Thunderbird Again, this was known.
The flaws rated important were a mix. A kernel flaw that could lead to a DOS or code execution. The GNUpg patch wasn't due to a flaw in its code but a patch that would prevent ill-written apps from allowing some data outside the bounds of signed data to be interpreted as signed. Xen had a flaw that could allow read ability as root outside of a VM; again, no DOS or code execution.
Others were OS services like bind and Samba. Still others were spamassasin, wireshard, and a Wordperfect format converter.
What's a common theme here? Well, there's a couple:
(1) These aren't Red Had vulnerabilities per se - they affect a lot of distros. It's just that they were discovered and fixed after Red Hat froze the code base. RH was just in the unfortunate position that the flaws were found very late in the release cycle. None of the other distros are releasing a new version right now, so RH "catches all the flak".
(2) Most are in applications that aren't even part of the OS itself. They're add-ons - in particular the three critical ones.
At least Ryan didn't say they were flaws in the operating system, but by not expanding on what they actually were, a certain ilk here will run with the headline and broadcast to the world "See, here's proof our development methods produce a more secure Operating System". And we all know that would be very far from the truth... - Posted by: NetArch. Posted on: 03/16/07 You are currently: a Guest | Members login | Terms of Use
Veryy misleading title - Mega Patch
NetArch. | 03/16/07
|
 
You're not reading that right
georgeou | 03/16/07
|
You should read the actual advisories!
B.O.F.H. | 03/17/07
|
|
Doesn't matter...
No_Ax_to_Grind | 03/18/07
|
|
Still doesn't matter...
jasonp@... | 03/19/07
|
|
Thanks for proving my point
No_Ax_to_Grind | 03/19/07
|
|
Yes but here is the difference !!
madhead@... | 03/20/07
|
|
Doesn't matter...
No_Ax_to_Grind | 03/18/07
|
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- eBook - How to Drive Better Business Outcomes with Exceptional Web Experiences IBM Today's businesses stand to benefit by implementing an enterprise-class ... Download Now
- Offload Reporting To Improve Oracle Database Performance Quest Software Is your organization looking for a more cost-effective way to get critical ... Download Now
- The New Generation of System X Servers: Lower datacenter costs through server refresh IBM Join Intel and IBM for a deep dive into the new Intel Xeon Processor 5500 ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The more you simplify, the more you save
-
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Can your business work smarter? Learn more about Lotus Symphony
- Learn how to work smarter and optimize cost using the IBM Smart SOA approach Download the eBook
- Smarter ways to make smarter products Read the brief from IBM
