
Thread: Admins can relax this Tuesday.

  1. #11
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Originally posted here by RoadClosed
    One of these days I am going to start posting the weekly list of linux patches. Hey gore... could have sworn there was a kernel patch out about 4 weeks ago?
    That's just not feasible.... you'd spend all your time posting regarding patches... besides watch IT sites... no one cares about *nix patches.... every magazine/ezine follows the MS Patches.... no one has the manpower for the *nix ones..

    Ubuntu releases a couple dozen a month, the same with SuSE... that's why I always laugh at people that bash MS for their patches...

  2. #12
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    SuSE has ALWAYS been that way. It's open source... people are always finding bugs. And like I said a thousand times. People were hacking Unix long before MS even had a network stack.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  3. #13
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by RoadClosed
    One of these days I am going to start posting the weekly list of linux patches. Hey gore... could have sworn there was a kernel patch out about 4 weeks ago?
    Depends which version of Linux you use. SUSE doesn't use a default Kernel, and SUSE does security audits the same way OpenBSD does. That's why Gentoo and Debian have 1 or two a day and SUSE maybe 1 a month.

    Also, UNIX based patches aren't exactly known for bringing down a network or crashing, or needing a reboot.

    HT, I'll agree with what you said about Ubuntu, but SUSE having a couple dozen a month, I can't honestly support that one bro. I'd say one or two a month, sometimes less.
    I know of one time there were two Kernel patches fairly close to each other, and the reason was that Marcuss was patching it for me because the patch and the Nvidia driver took out X (Mostly my fault for not having the Nvidia patch handy to reinstall for X, as you do have to install that one again after a Kernel update, but he rewrote a part of it for me anyway).

  4. #14
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Often there are a lot of patches for SuSE gore. But it depends on what you are running. I haven't seen an email patch for a while. Been a lot of SQL patches but you probably don't run that. Had some recent issues with Tomcat, patch related. Probably don't run that either. All security related. Linux can be full of patch issues but we are more careful to read them and understand what they are doing. And the package managers these days help immensely.

    Tell that dude to patch the ATI cards for 64 bit.

  5. #15
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Hey RC, I can't tell him to patch an ATI driver as they really don't have much control over it. But I am on the SUSE security lists, and the SUSE lists for Novell and I know there was a patch released a few days ago, but even if I don't use the software I'm still told of new patches from those.

    I actually just finished checking some email, and I saw the usual 3 new patches today for Debian... Actually I can check, I have a back up copy of every SUSE security release in the last two years give or take a few.

    OK, since August first there have been 8 Security / Bug patches for SUSE. That's for all products.

    Libtiff, Freetype2, Clam AV, Kernel, Mozilla, 1 Kernel for SLED, ImageMagick which seems to be the new Sendmail, And Apache 2.

    Those are all the patches and fixes released for everything, the Desktop 9.3 and the Enterprise Server and SLED. So 3 products and 8 patches in 2 months isn't really so bad.

    And the Kernel patch was for Local escalation.

    The July 28th Apache patch was the only one that affected 9.2, 9.3, SUSE Enterprise 8 and 9, SLED, SUSE 10.0 and 10.1, and SLE SDK 10.


    Ah, woopsy, the Libtiff and Freetype affected both + the UnitedLinux desktop products. Clam AV patch only affected SLES and SUSE desktop distros. SLED and UnitedLinux which they still support weren't affected.

  6. #16
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    OK since August there were only 8.

    It has been quiet for the most part I guess. But there was just ANOTHER Apache patch this week.

    The August 18 kernel patch fixed 3 issues with Kernel security. Then another on August 11 to fix 11 issues. And another in July. Along with those others you listed. Maybe I am exaggerating the patches for SuSE but every month there is a handful to deal with. And looking at the SuSE list, I am not sure every single package is reported on there? For instance I use horde for my personal email server. And I know there were some issues with it this summer but maybe I was just smoking too much crack.

  7. #17
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    They actually do report them all, and then each month or so there is a SUSE Security Summary Report that goes over everything, the patches, the ones they are working on and things like that.

    Speaking of smoking crack and Linux, that was what Linus Torvalds said about SCO when they first started the legal stuff lol.

  8. #18
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Originally posted here by RoadClosed
    OK since August there were only 8.

    It has been quiet for the most part I guess. But there was just ANOTHER Apache patch this week.

    The August 18 kernel patch fixed 3 issues with Kernel security. Then another on August 11 to fix 11 issues.

    That is like the MacOS patches.. I was reading something where they were talking about the number of OSX patches versus the number of MS patches. OSX had a lot less patches. But if you looked at the number of individual items each patch fixed, and how many files each patch fixed OSX was considerably higher.

    The number of patches doesn't really mean anything. All of the OSes mentioned have vulnerabilities in them. They are all being actively looked for, and as they are found and reported they are fixed. Unless every software developer starts working at CMM level 5, which will never happen, this will always be the case.

    In probably 90% of the cases the vulnerabilities are minor and require poor configuration or poor habits to be exploited. And if you have poor configuration policies there are probably a lot of easier vulnerabilities that can be used.

  9. #19
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    In probably 90% of the cases the vulnerabilities are minor and require poor configuration or poor habits to be exploited. And if you have poor configuration policies there are probably a lot of easier vulnerabilities that can be used.
    Totally true. And usually there is a workaround for the major ones. If you are paying attention.
