On October 7, 2017 10:43:55 PM MDT, Reg Tiangha <r...@reginaldtiangha.com> wrote: >On 2017-10-07 1:19 PM, Ron Hunter-Duvar wrote: > >> Well, I did all this, and confirmed that the sys-* servicevms are all >> using Fedora 25, but it still has dnsmasq version 2.76. According to >> US-CERT, 2.78 is needed to get the vulnerability fixes. Which >concerns >> me, given the length of time that the exploit code has been public. >> Surprises me too, since Debian had it out in a matter of hours. >> >> However, it's not running in any of these, nor in dom0. Should I just >> uninstall it? >> >> Thanks, >> Ron >> > >It's weird, but it seems like every distro *but* Fedora has released an >updated version or version with a backported fix. Even Red Hat >Enterprise has done it. I don't know what the hold up is, but it'll be >a >package with a backported fix and currently it's set to be 2.76.4 (or >greater if more bugs are found). > >https://bodhi.fedoraproject.org/updates/FEDORA-2017-515264ae24
One of the reasons I like Debian so much is the priority they put on security. That, and stability. You may not get all the latest shiny stuff, at least not in stable, but you know it will be rock solid. Tried fedora several times in the past, and always went to something else instead. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/C4B1473D-77A7-4B64-ABD8-4E867D2723E3%40shaw.ca. For more options, visit https://groups.google.com/d/optout.
