This poses a question that I have about mandrake: do they continue to issue
security fixes after a new version is released? ie: how long do they
continue do do updates?
Derek Stark
IT / Linux Admin
eSupportNow
xt 8952
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Vincent Danen
Sent: Thursday, January 18, 2001 11:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [expert] Linux worm...?
On Thu Jan 18, 2001 at 09:59:15AM -0800, Dave Sherman wrote:
> Since Mandrake is Redhat based, I would assume that we ARE vulnerable to
> the same attack, until and unless Mandrake publicly says otherwise.
> Hopefully Mandrake will announce something, one way or the other, soon.
Not true. While I haven't seen the worm itself to know for certain
one way or the other, I've been told it specifically targets RH 6.2
and 7.0 machines. This would leave other distributions alone.
*However*, since I wouldn't ask anyone to rely on that and/or use it
as an excuse, the simple response (for any distribution) is simple:
1) Subscribe to vendor security mailing lists. Announcement lists of
a security nature are generally small bandwidth with infrequent
posts.
2) Update update update!!! If an update is released, it's for *your*
health, not ours. We don't do this kind of work for fun (I know
I'd rather spend my time doing other things than back-porting fixes
to 6.0!). There is a reason why security updates are released.
In other words, all versions of Linux-Mandrake 6.0 to present *with
appropriate security updates applied* are not vulnerable.
I posted previously the relevant web pages that indicate the
vulnerabilities this worm takes advantage of have been fixed last year.
--
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
- Danen Consulting Services www.danen.net, www.freezer-burn.org
- MandrakeSoft, Inc. Security www.linux-mandrake.com
Current Linux uptime: 1 day 18 hours 15 minutes.
