Red Hat Launches RHEL5 ... and 11 Security Advisories
Thu, 2007-03-15 19:47

Yesterday, while preparing to go over and talk to a group of ITPros at the conference center about security, vulnerability analysis and related topics, I noticed that Red Hat had officially launched their new version of RHEL, Red Hat Enterprise Linux 5. 

The story recalled some information to mind that I had just recently been examining with respect to RHEL4 in 2005, so I went out to http://rhn.redhat.com/errata to have a look. I found the new errata page easily: Red Hat Enterprise Linux Desktop (v. 5 client), and clicked on the security filter button to look at just the security advisories. For those who don't want to click through yourselves, here is a screenshot.

[Screenshot: Red Hat RHEL5 Security Advisories - Ship Day]

In total, there are 11 security advisories fixing approximately 36 unique security vulnerabilities. Three of the advisories are marked Critical, and one kernel patch is marked Important. Even an important one in Xen...

Ah well ... it'll make my 90 day analysis of operating system vulnerabilities that much more interesting.

Regards ~ Jeff

Reader Feedback
Mon, 2007-04-23 01:52
The point?
By Anonymous

I'm not sure what the point of this post is. Is it to show that Red Hat are busy fixing bugs? Or that security issues exist (wow, that's real news)? Or that they have been patched? Or that Red Hat practice "code freeze" long before a release, so all errata shows up at once on the day of the release?

Please enlighten us Jeff, as we cannot see anything out of the ordinary above.

Thu, 2007-05-03 21:33
Hmm.
By Mister Giggles

Not that I'm an expert or anything, but I think he's pointing out a double standard when it comes to operating systems and their vulnerabilities.

Vista has one vulnerability (After a month of nada), it's a huge deal.

Red Hat has a dozen (Regardless of code freeze), it's not news worthy.

Eh.

Fri, 2007-04-06 22:37
Thanks

Very interesting information. Thanks to the author.

Thu, 2007-03-22 12:52
Apples vs Oranges?
By Nick Lamb

In your Technet blog entry you compared some outstanding Vista vulnerabilities (some trivial, others not so) with a Firefox bug from November, fixed in this RHEL 5 update.

Did you do this blind, or did you actually look at the bug in question?

The CVE description makes that Firefox bug sound very serious, and indeed outsiders who thought that they had "years of experience" didn't hesitate to announce that this was the end of the world, and certainly the last time they'd use Firefox. But what was actually wrong, that Red Hat didn't deem important enough to rush a fix earlier?

The proximate cause of this bug report was the discovery that one particular very famous company (which runs IIS and .NET) put untrusted user content on the same site as their login authentication forms and although they did prevent users from inserting scripts (and thus weren't vulnerable to trivial scripted attacks) they didn't prevent their users from adding authentic-looking login forms. The main impact is that users were phished, and the company in question were embarrassed and had to change their security.

That's a web security problem, nothing Red Hat or Firefox could fix, so why the CVE? Because Firefox 2 auto-filled the password form, whereas Internet Explorer 7 made the user type their username and password in. It was argued that Firefox auto-fill should distinguish password forms based on their target, and the change was duly made to future versions of the software as a mitigation. Of course the next time a major site has this problem many Firefox users will happily enter their username and password just as IE users did this time.

To me this doesn't seem comparable to the delay in fixing CVE-2006-6696... do you have any other examples?
