Re: Ethereal and other Security Questions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2003-11-10 at 10:25, The Matt wrote:
>  After getting the ethereal RHSA just now,
> I wondered aloud...is Fedora Core vulnerable?  

According to the bulletin all versions <= 0.9.15 are vulnerable. FC1
comes with ethereal-0.9.13-4.1. So I would say it is probably
vulnerable.

> How about the recent CUPS and coreutils RHSAs? 

The CUPS bulletin was for versions prior to 1.1.19. FC1 comes with
1.1.19 so it appears to be alright. Doing a quick check of "ls" in the
FC1 coreutils package to see if it suffers from the reported problem the
answer is, yes it does.
 
>   So, I ask again, what is the security/bug procedure of Fedora
> Core?  Is there a "FCSA" list out there that mimics RHSA that I can
> subscribe to? 

Thats a good question as to how security issues are going to be handled.
There does not appear to be an fedora-watch-list at this time.

> 
> Should I grab the Red Hat 9 packages to shore up these security holes if
> the FC1 packages don't cover them (e.g., get ethereal*.0.9.16 until an
> FC1 release appears)?

I just grabbed the SRPM for the RH 9 errata and will compile it for my
Fedora box. For the coreutils issue, I just grabbed the patches from the
bug-coreutils mailing list. Will look at adding them to the current FC1
package and recompiling it. 


Regards,
	Jim H




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux