From: Enda (enda at domain unison.ie)
Date: Thu 09 May 2002 - 11:53:08 IST
>> As far as I know, now feel free to correct me if I'm wrong, but all the other major
>> distributions like 'Red Hat' which people on this list seem fond of have the zlib exploit
>> present do they not?
>
> Er, no. The zlib thing was fixed around the same time as CERT released their
> advisory.
The CERT advisory from yesterday (CA-2002-07)?? RedHat's fix has been
available since the 22nd of March (RHSA-2002:026-43), SuSE's was out on the
11 March (SuSE-SA:2002:010)
Typically CERT will not release an advisory until there is a patch available
for all affected platforms, which implies that if you want a secure
environment you should choose a distro with some full time security staff
who deal with issues like this and who will keep you notified with timely
patches. Only on a bug with a high severity rating will any distro hold back
on a security announcement while their competitors arrange a patch, CERT
always holds back - wider distribution audience.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:16:42 GMT