We are still releasing security fixes back to version 6.x, I think though
Vincent can give a more direct answer.
-Chris
On Thursday 18 January 2001 12:31, D. Stark - eSN wrote:
> This poses a question that I have about mandrake: do they continue to issue
> security fixes after a new version is released? ie: how long do they
> continue do do updates?
>
>
>
> Derek Stark
> IT / Linux Admin
> eSupportNow
> xt 8952
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Vincent Danen
> Sent: Thursday, January 18, 2001 11:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [expert] Linux worm...?
>
> On Thu Jan 18, 2001 at 09:59:15AM -0800, Dave Sherman wrote:
> > Since Mandrake is Redhat based, I would assume that we ARE vulnerable to
> > the same attack, until and unless Mandrake publicly says otherwise.
> > Hopefully Mandrake will announce something, one way or the other, soon.
>
> Not true. While I haven't seen the worm itself to know for certain
> one way or the other, I've been told it specifically targets RH 6.2
> and 7.0 machines. This would leave other distributions alone.
> *However*, since I wouldn't ask anyone to rely on that and/or use it
> as an excuse, the simple response (for any distribution) is simple:
>
> 1) Subscribe to vendor security mailing lists. Announcement lists of
> a security nature are generally small bandwidth with infrequent
> posts.
>
> 2) Update update update!!! If an update is released, it's for *your*
> health, not ours. We don't do this kind of work for fun (I know
> I'd rather spend my time doing other things than back-porting fixes
> to 6.0!). There is a reason why security updates are released.
>
> In other words, all versions of Linux-Mandrake 6.0 to present *with
> appropriate security updates applied* are not vulnerable.
>
> I posted previously the relevant web pages that indicate the
> vulnerabilities this worm takes advantage of have been fixed last year.
>
> --
> [EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
> 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
> - Danen Consulting Services www.danen.net, www.freezer-burn.org
> - MandrakeSoft, Inc. Security www.linux-mandrake.com
>
> Current Linux uptime: 1 day 18 hours 15 minutes.
