[CentOS-devel] RHSA-2007:1020

Akemi Yagi amyagi at gmail.com
Thu Nov 1 01:05:48 UTC 2007


On 10/31/07, Ralph Angenendt <ra+centos at br-online.de> wrote:
> Karanbir Singh wrote:
> > 3) We build it now against 5.0 and Tag it accordingly, and then rebuild it
> > when 5.1 is out and then change Tag to 5_1. It will be a different RPM and
> > would involve most uses doing two updates.
> >
> > Opinions ?
>
> As ugly as it is - this should be what to do. Yes, it sucks. Hard. But
> security updates aren't updates to wait upon.
>
> Sucks. Sucks. Sucks. But let us do it.
>
> Ralph

The security issue seems more serious than it looks in the RHSA
announcement. The description "the default CUPS configuration does not
allow remote hosts to connect to the IPP TCP port" may be misleading.
Virtually all machines running cups have port 631/tcp open.  The
details of this bug were publicly made available today.  So, I suppose
there is no choice,  The hole must be plugged as soon as possible.

Akemi



More information about the CentOS-devel mailing list