If you did 'yum update' regularly (every day, at the very least)
you most likely would not have been hit by this exploit.

That is the best way/path of least pain.

Is it? In a production environment?

another question: is it really necessary to have executables like wget/curl/lwp installed on a prod-system? as far as i have seen installed servers in a prod-env, i have never seen wget/curl/... other download-tools installed.

why? 1. because the prod-servers have been behind a firewall with no direct access to the internet (except for the traffic allowed) and 2. because downloading and compilation of the executables were done on a machine with direct internet-access and installed compilers a.s.o. and the binary has been transferred via scp from the download-machine to the servers - after a lot of checks for vulns and possible side-effects with already installed versions.

of course it sometimes makes sense to have download-tools on a server, but not for servers in a professional-env.

just my 2-euro-cents, gottfried
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
