Here's Red Hat's explaination
https://access.redhat.com/security/updates/backporting/?sc_cid=3093
It's all about not breaking a customer's system.
Dennis
----- Original Message -----
From: "Phillip Waclawski" <
waclawski@mesacc.edu>
To: "Main PLUG discussion list" <
plug-discuss@lists.plug.phoenix.az.us>
Sent: Monday, July 11, 2011 12:38:46 PM
Subject: Re: CentOS 6 almost ready!
Yep, I remember Linus Torvalds yelling at Red Hat for confusing folks that way, but it does make sense for an enterprise distro to do something like that,
Phil W.
----- Original Message -----
From: "Dennis Kibbe" <
dennisk@mesacc.edu>
To:
plug-discuss@lists.plug.phoenix.az.us
Sent: Monday, July 11, 2011 5:23:22 AM
Subject: Re: CentOS 6 almost ready!
On Sun, 2011-07-10 at 12:00 -0400, R P Herrold wrote:
> On Sun, 10 Jul 2011, Lisa Kachold wrote:
>
> > Thanks - I am especially interested in see the SSL updated. Currently the
> > "stable" SSL available from the repo for CentOs 5 is exploitable.
>
> There are are no publicly known SSL issues in the openssl
> maintained by CentOS
>
> Please state the CVE, or if a private zero day, Lisa, please
> state the vector so I may set up a unit running the allegedly
> vulnerable service or services [ie over http, smtp. pop,
> whatever] for you to demonstrate this assertion
>
> -- Russ herrold
One thing that people might not realize is that Red Hat back ports
security fixes so you can't just look at the version number and assume
that if it's not the latest it's flawed.
Dennis Kibbe
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)