> |
> | In short, no. The wu-ftpd suexec hole that it's talking about was fixed
> | in June, 2000. Now, if you're sloppy and haven't been updating security
> | fixes, then you could be in trouble.
> |
> | I typically pay attention to the security announcements in lwn.net and am
> | happy to see that Mandrake is usually in the first group of vendors to
> | release security fixes. It's one of the reasons I chose Mandrake as my
> | supplier.
> |
> | .../Ed
>
> Thanks, Ed!
> Should somebody write a letter to C-Net that Mandrake doesn't have this hole?
>
Well, it's really 2 ways, if you don't take the time to make an update, then
of course the hole will be there. I think the importance of updates is
obvious enough, we make advisories for this kind of stuff, and not just silently
putting an update into the ftp servers.
We've done our job so if someone doesn't take an effort to make an updated
and the server gets r00ted then that's not my problem ..
If you really need to write, then perhaps you can tell them yes, the stock
one that you buy from the stores is affected but if you make the update
then you're not affected anymore.
--
Geoffrey Lee <[EMAIL PROTECTED]>
§õªø·
http://www.mandrakesoft.com/~snailtalk
ftp://devel.mandrakesoft.com/pub/people/snailtalk
$/usr/games/fortune
Anything that can go wrong will go
Segmentation fault (core dumped)
$
