[CentOS] gnutls bug

Thu Mar 6 15:03:53 UTC 2014
Michael Coffman <michael.coffman at avagotech.com>

Thanks for all the thoughtful responses.  I have learned a couple of things.






On Thu, Mar 6, 2014 at 7:26 AM, Leon Fauster <leonfauster at googlemail.com> wrote:

> On 06.03.2014 at 01:00, Michael Coffman <michael.coffman at avagotech.com> wrote:
> > On Wed, Mar 5, 2014 at 4:44 PM, John R Pierce <pierce at hogranch.com> wrote:
> >
> >> On 3/5/2014 3:36 PM, Michael Coffman wrote:
> >>> Not sure what your environment looks like but the systems I manage are
> >>> locked down and it's typically difficult to get them changed.   We have
> >>> hundreds of systems ( desktop, server and HPC systems) that are all the
> >>> same rev with all the same packages.   A large number of vendor packages
> >>> and internally developed packages have to be re-qualified every time
> >>> anything is changed.   So we don't change them often.
> >>
> >> so you're a year behind on any security fixes.... why are you worried
> >> about this one, then?
> >>
> >
> >
> > This seems like it has more potential to impact users in my environment
> > that are using a web browser to access sites outside our firewall. It
> > seemed like a reasonable question to me as it looked like it might be easily
> > updated.  I did not realize that once the OS was vaulted, there were no
> > more updates.   Now I know so thanks...
>
>
> The OS is not vaulted. I suggest rethinking the mental model of the OS
> point releases.
>
> IMHO the above mentioned policy brings less security into the organization
> than it tries to suggest, and do not forget that most attacks came from
> internal.
>
> There are more fixes to worry about
>
> https://rhn.redhat.com/errata/rhel-server-6-errata.html
>
>
> --
> LF



-- 
-MichaelC