Matthew's note did bring something to my attention that I didn't realize. Chuck's response below which included the links to the errata pages was interesting in that I see the RH 7.3 Apache update is dated 11-25 on the page. I seldom visit this page unless it's for a special reason as I tend to use the up2date mechanism. On Dec 7th I ran up2date and was notified that there were updates including both the Samba and Xinetd fixes (which bracket the Apache entry on the errata page). Today I ran up2date and was advised the Apache update was available.
Clearly there is some delay between the errata page and the up2date mechanism. I can rationalize the delay as part of the RH strategy to manage traffic, but since the security of my machines is my responsibility, not RH's, I guess I'll be visiting the errata page more often. I do admit that I, like Matthew, resort to the source tarball if I feel "naked" and his mention of the OpenSSL 3.1p1 vulnerability is one where I've gone that route.

Regards, Mike Klinke

On Friday 13 December 2002 16:25, Chuck Mead wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 13 Dec 2002, Matthew Boeckman enscribed the following:
>
> MB>> Are you sure that they're not addressing the issues? *My* understanding is
> MB>> that, in most cases, the security patches are applied to the version of
> MB>> the app currently being distributed by RH. This was certainly true with
> MB>> regard to the OpenSSH bugs, and I'm fairly sure that philosophy is true
> MB>> with Apache...there were a number of updates released for it, over the
> MB>> last few months.
> MB>
> MB>Are they? I suppose it is possible as I inexplicably find openssh-3.1p1
> MB>RPM's in updates.redhat.com. Not that I doubt you, but I would like to
> MB>see some page somewhere that says so. Likewise I'd like to see the page,
> MB>dated in August that lets us all know that they patched apache1.3.26 to
> MB>fix that vulnerability and it's now available for download.
> MB>
> MB>If they are doing as you say, why the advisory that I posted earlier?
> MB>Reading it it certainly doesn't say anything about "pull down the
> MB>apache-1.3.26-2.rpm", but it does say to apply immediately the updates
> MB>for 1.3.27 (which did not ship with 7.2, or 7.3).
>
> Psyche: https://rhn.redhat.com/errata/rh8-errata.html
> Valhalla: https://rhn.redhat.com/errata/rh73-errata.html
> Enigma: https://rhn.redhat.com/errata/rh72-errata.html
> Seawolf: https://rhn.redhat.com/errata/rh71-errata.html
>
> - --
> [EMAIL PROTECTED], RHCE
> Instructor, Global Learning Services
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE9+goGYCtDlaj78K8RAtelAKCGsC8ApD1LZFUZo1VNIsnMGW0CMQCdF98M
> kxmxCqf3MPP1kF0E+SzIAHA=
> =1RdQ
> -----END PGP SIGNATURE-----