Vulnerabilities found in my Fedora Core 2
Hugo van der Kooij
hvdkooij at vanderkooij.org
Thu Dec 2 19:20:19 EST 2004
On Thu, 2 Dec 2004, Edilmar Alves - Lista wrote:
> I have a Fedore Core 2 Linux, with automatic update with yum all the
> days. Today I point NESSUS to my server and these vulnerabilities were
> found:
>
> 1) Apache 2.0.51 => better is 2.0.52
> 2) SSH 3.6.1 => better is 3.7.1
> 3) Proftpd 1.2.10
>
> but are these problems very new? And how can I discover if, for example,
> my SSH 3.6.1 is "like" 3.7.1, that Nessus alerts that it's possible the
> distro doesn't update the version but solve the problem?
You could actually take the effort and read the security announcements
that belong to your updates. The issues covered are listed and you can
read the action details in bugzilla.
It is common to keep the package mainly as-is and just fix the
vulnerabilities. The Q&A cycle of these fixes is much shorter. If you need
to update the package you need to spend much more effort to do a good Q&A
evaluation of a new version as you do change so much more.
Hugo.
--
I hate duplicates. Just reply to the relevant mailinglist.
hvdkooij at vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.
More information about the Nessus
mailing list