Am 06.03.2014 um 01:00 schrieb Michael Coffman <michael.coffman at avagotech.com>: > On Wed, Mar 5, 2014 at 4:44 PM, John R Pierce <pierce at hogranch.com> wrote: > >> On 3/5/2014 3:36 PM, Michael Coffman wrote: >>> Not sure what your environment looks like but the systems I manage are >>> locked down and it's typically difficult to get them changed. We have >>> hundreds of systems ( desktop, server and HPC systems) that are all the >>> same rev with all the same packages. A large number of vendor packages >>> and internally developed packages have to be re-qualified everytime >>> anything is changed. So we don't change them often. >> >> so you're a year behind on any security fixes.... why are you worried >> about this one, then? >> > > > This seems like it has more potentiol to impact users in my environment > that are using a web browser to access sites outside our firewall. It > seemed like a reasonable question to me as it looke like it might be easily > updated. I did not realize that once the OS was vaulted, there were no > more updates. Now I know so thanks... The OS is not vaulted. I suggest to rethink the mental model of the OS point releases. IMHO the above mentioned policy brings less security into the organization then it tries to suggest and do not forget that the most attacks came from internal. There are more fixes to worry about https://rhn.redhat.com/errata/rhel-server-6-errata.html -- LF