Dotan Cohen wrote: > Yes, but we do not always know when/if there is a security patch. I > just yum update and not worry. Unless, of course, it doesn't work! Claude Jones wrote: > You could 'always know' this, if you were to subscribe to the > fedora-announce-list > http://www.redhat.com/mailman/listinfo/fedora-announce-list > This is a very low-volume list that will always keep you notified of patch > releases. The only patch notifications I can see on the list are for Fedora Core. As far as I know, there is no equivalent list for Fedora Extras. For instance, ClamAV was updated recently, moving the package to 0.86.2. This appears to fix an Outlook-sized vulnerability[1]. The only alert I've seen is at http://lwn.net/Articles/145061/, for Gentoo. Am I missing something, or do we just have to be careful when installing sensitive stuff from Extras? James. [1] A "specially crafted" file can cause it to run arbitrary code. Since it's an anti-virus product, it's often used to automatically scan incoming e-mail. So an attacker could get ClamAV to run his (or her) code merely by e-mailing such a file to the right site. -- E-mail address: james | Fengor the Mauve could never figure out why the other @westexe.demon.co.uk | wizards didn't take him seriously, but he knew all | that would change once he managed to extract gold from | a chicken. -- Ursula Vernon, on www.metalandmagic.com
