[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Yum failing me...



Dotan Cohen wrote:
> Yes, but we do not always know when/if there is a security patch. I
> just yum update and not worry. Unless, of course, it doesn't work!

Claude Jones wrote:
> You could 'always know' this, if you were to subscribe to the 
> fedora-announce-list
> http://www.redhat.com/mailman/listinfo/fedora-announce-list
> This is a very low-volume list that will always keep you notified of patch 
> releases. 

The only patch notifications I can see on the list are for Fedora Core.

As far as I know, there is no equivalent list for Fedora Extras. For
instance, ClamAV was updated recently, moving the package to 0.86.2.
This appears to fix an Outlook-sized vulnerability[1].

The only alert I've seen is at http://lwn.net/Articles/145061/, for
Gentoo.

Am I missing something, or do we just have to be careful when installing
sensitive stuff from Extras?

James.

[1] A "specially crafted" file can cause it to run arbitrary code. Since
it's an anti-virus product, it's often used to automatically scan
incoming e-mail. So an attacker could get ClamAV to run his (or her)
code merely by e-mailing such a file to the right site. 

-- 
E-mail address: james | Fengor the Mauve could never figure out why the other
@westexe.demon.co.uk  | wizards didn't take him seriously, but he knew all
                      | that would change once he managed to extract gold from
                      | a chicken.  -- Ursula Vernon, on www.metalandmagic.com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]