> password"? That's what I'm talking about -- how often does this sort of > thing happen, where you need to be subscribed to be a security mailing list > in order to know what workaround to make to stay safe, as opposed to simply > running yum-updatesd to install latest patches automatically. Happens all the time! Count on it! If running any server available to the public there is no "set and forget" if you're responsible for that server you best stay informed/subscribed and ready to take action be it a work around, update or whatever.