Re: Security problem
Sorry to keep this thread going, but perhaps one more clarification.
The original post said that the bug occured on RedHat 5.1 of our
system administrator. I immediately emailed Red Hat
(haven't heard from them yet), and also posted to Debian.
I got a reply from Debian within 12 hours and looked for
the new package number in package-updates.
I didn't find it so I looked in current distribution and found
it with correct version number.
On Sat, 24 Oct 1998, Lukas Eppler wrote:
> On Fri, 23 Oct 1998, King Lee wrote:
>
> > The bug is real, and Debian has a fix. See security
> > lists in Debian. If you are running Debian 2.0
> > you might have a security hole. There was also security
> > problems with bind. The fixes appear in the current distributions
> > (2.0.2 I think) not in package-updates.
>
> Why the bloody hell not?
I think that it was moved from package-updates to the main distribution
so that if you downloaded it or purchased a new cdrom, it would
have the updates in it. Seems reasonable.
>
> Sorry, this makes me angry. Debian does a whole lot on finding these
> holes, then spreading the information they are there, but then every one
> has to read at least debian-user or visit the security page on the web to
> find out. We have such a great distribution system and make no use of it.
System administration with responsibility for security
(and other things) is inhierently complex. All you can
ask for is someone to point the way, and it's up to you track it
down.
King Lee
Reply to: