Fedora treats security as a joke.
- From: StoneBeat <stonebeat ya com>
- To: fedora-devel-list redhat com
- Subject: Fedora treats security as a joke.
- Date: Tue, 11 May 2004 13:43:59 +0200
I want to warn about the way that Fedora treats security. I'm a compulsive
reader of security lists like bugtraq, and I've never seen a security
advisory published by a Fedora Security Coordinator (or something like that), as
I've seen in other distros (Debian, Gentoo, SuSE ...), notifying about some
important security advisories.
I regularly check for updates using yum and see that there are new
RPM updates. I believe that the security fixes are in these updates, but I
really don't know because there aren't advisories.
I got fed up and I did a little research about security and Fedora, so I took a
quite old security advisory relating to "lha". Some people found security bugs in
this tool; you can see more info here:
http://www.securiteam.com/unixfocus/5LP000KCVC.html
Today many distros have the appropriate security advisory and patch; one of
these distros is RedHat: http://rhn.redhat.com/errata/RHSA-2004-179.html
but Fedora users don't have a security advisory or security patch. I check yum
and I don't see anything about lha, and the lha version shipped with Fedora
Core 1 is vulnerable:
[ice laptop ice]$ rpm -qa | grep -i lha
lha-1.14i-12
[ice laptop ice]$ lha x buf_oflow.lha
LHa: Error: Unknown information
UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
Segmentation fault
[ice laptop ice]$
Where is the security advisory??? And the security patch???
Why doesn't Fedora have a security coordinator or even a security team??