On 4/4/07, Jason Qi <[EMAIL PROTECTED]> wrote:
Thanks Gavin,
They told me that there is a security-hole on 5.2.1 and they have no choice
but wait for 5.2.2.
I do not believe there are serious security holes in 5.2.1, but it
DOES patch some significant problems that were present in 5.2.0. A
host that runs 5.2.0 is MORE vulnerable than one that runs 5.2.1, by
far.
Some exploits for 5.2.1 have been reported, but AFAIK all of them are
local vulnerabilities -- that is, someone would have to have access to
your server *first* before they could be exploited. Of course, the
ISP is not likely to move to 5.2.1 just because one customer requests
it.
I would be looking for a more aware, competent host myself.
--
- Ed Finkler
http://funkatron.com/
