On Thu, 2003-03-13 at 13:01, Peter Bowen wrote: > On Thu, 2003-03-13 at 02:24, Philip Wyett wrote: > > Yes... the more and more I look into this enterprise WS edition, the > > more I get these weird Windows ME flash backs. As previously noted the > > actual role call of whats in the WS edition is not too forth-coming > > within the release notes. But if you look at the source rpms for AS on > > any mirror and the AS errata, it's gets rather scary. The first thing I > > noticed was AS 2.1 shipped with zlib 1.1.3, but there has seemingly been > > no errata (security fix) update to 1.1.4. There is more stuff, but it's > > pointless for me to go on listing stuff. >
<snip> > Additionally, I don't think that there are any known security holes in > Red Hat's products. In the specific case you mention, Red Hat back > ported the fix to zlib 1.1.3. See > http://rhn.redhat.com/errata/RHSA-2002-026.html. Note that this errata > does not include RHEL AS because it shipped after the errata was > released, so it included the fix from day one. Hence no errata was > necessary. If you see other security issues that might not have been > addressed, please check the errata lists at > http://rhn.redhat.com/errata, and, if they haven't been, email > [EMAIL PROTECTED] > No, the version in AS is 1.1.3 and until someone updates the rpm to say it's 1.1.4, it is 1.1.3. So they maybe back ported the fix, but there is no direct info related to AS that says it has the fix and it is not an AS users job to go search other RH versions errata or checking the 1.1.3 source rpm or rpm --changelog and seeing if the issue has been addressed. > While RHEL WS isn't a cutting edge product, I think that it will meet > then needs of many technical workstation users, the type who have bought > SGI workstations in the past. > How deep into the dim and distant 'past' were you thinking of? :) Regards Phil -- ICQ: 135463069 Email: [EMAIL PROTECTED] -- Public key: http://www.philipwyett.dsl.pipex.com/gpg/public_key.txt --
signature.asc
Description: This is a digitally signed message part
