There are several reasons for this.
1. Clearly there can be vulnerabilities that have not been fixed yet
or have been fixed and there has not been a package created yet. In
this case I would assess my risk and disable the vulnerable service
as needed.
2. I am running a large enterprise and cannot risk upgrading packages
unless there is a clear reason to do so (i.e. security vulnerability).
Doing a global yum update is risky for the enterprise. It is fine
at home.
Thanks to all for the replies.
JJ
On Aug 3, 2007, at 7:13 AM, Todd Zullinger wrote:
> Sam Varshavchik wrote:
>> Jaigh Jaddo writes:
>>> Is there a tool similar to FreeBSD's portaudit? Something that will
>>> report packages that have known vulnerabilities.
>>
>> No. For the simple reason that a known vulnerability results in an
>> updated package. If you want to make sure that you're not running
>> any known vulnerability, run "yum update".
>
> There can be known vulnerabilities that are not fixed yet. I thought
> that was what Jaigh was asking about, and this is the sort of info
> that's in the fedora-security/audit files.
>
> --
> Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> We never reflect how pleasant it is to ask for nothing.
> -- Seneca