Red Hat patches critical vulnerabilities in Linux

Status
Not open for further replies.
Red Hat has patched nine vulnerabilities in its Enterprise Linux 5 kernel that could cause denial of service and unauthorised system access if exploited by a malicious attacker, the vendor announced on Monday.
The vendor claimed the update fixes three ‘important’ flaws, five ‘moderate’ flaws and one ‘low’ rated flaw in the Linux kernel, which handles the basic functions of the operating system.

The Red Hat Security Response Team rated the update ‘important’ while security monitoring website Secunia rated the vulnerabilities as ‘moderately critical’.

Additionally, the open source vendor has fixed a ‘moderate’ security vulnerability in its OpenSSL packages available for Red Hat Enterprise Linux 2.1 and 3.

However, Secunia rated the vulnerability as ‘highly critical’, having the potential to cause DoS attacks on a vulnerable system, according to its advisory.

Furthermore, according to Red Hat, the updates include several bug fixes preventing possible system crashes and data corruption.

Users are advised to upgrade to these packages.
 
I have always wanted to try the Red Hat distribution of Linux but somehow never got around to it. Used Unix at work before retirement and have run the free Linux distributions of Debian and Ubuntu, both of which are good at updates, Ubuntu being the best in my opinion. I have tried a few other distributions as well.

I have recently done a clean install of the latest version of Ubuntu, 7.10 Gutsy Gibbon, replacing version 7.04.

No operating system is 100% safe as you have pointed out.

Between a hardware firewall and the built-in firewall - security Linux offers, it helps keep the bad folks out.

The vast majority of bad things out there go after Windows users simply because about 90% of the world's computers are running some form of the Windows operating system!
 
It bugs me when people say a software security risk in their product is only 'moderate' and others are saying it is a 'critical' security problem. You have to figure the security company is not going to label a security problem as 'critical' if it is not - they would worry about being sued. If it is a 'critical' security problem why not admit to it?

Microsoft Windows operating systems are the target of most of the bad guys because Microsoft is on over 90% of desktop computers. But there are some problems with Microsoft Windows operating systems as well - a complete redesign is probably overdue.

I think Linux and Unix are way over-rated when it comes to security. A Linux computer has to be properly set up. And numerous security holes are typically found all the time and sometimes not fixed for a while. Then you have somebody saying that a security hole in their software is 'moderate' rather than 'critical.' Which is it? Just the truth please.

I think Apple has made some real security improvements in Mac OS 10.5. More could be done but it is a start.

Linux and Mac OS X SEEM secure because nobody is really targeting them as desktop operating systems. Apple Mac OS X is getting more popular but is still only 8% or so of the desktop computer operating systems in the USA and less worldwide. Linux is mainly used for servers and is not commonplace as a desktop operating system so the bad guys are not targeting it as a desktop personal computer operating system.

In the long run I think Microsoft will someday HAVE to redesign their operating systems in major ways.

Steve Jobs apparently recently stated something to the effect that there will be about 10 years of future development with Mac OS X. That is encouraging. That is kind of an endorsement - kind of a commitment on the part of Apple to continue developing and selling Mac OS X for at least 10 more years. With a little more work Mac OS X could probably be made very secure. It IS secure compared to Windows just because it is less of a target.
 
SrDriver,

Take a look @ CentOS www.centos.org; This is a linux distro that is built from the sources at Redhat, but the project makes it clear that it is not affiliated with Redhat. In fact Redhat is referred to as a "North American Linux vendor"

There is nothing substantially different about the Enterprise version of Redhat linux, except you are allowed to place service calls and have them modify code should a bug be found. The releases are slower and concentration is on stability/security, not new features (e.g. Fedora).

I helped build 3 internet mail relays for our customer and there was no discussion of a possible Windows solution; it was RHEL x-64, hands down.

Mystic

Quote:

When you have somebody saying that a security hole in their software is 'moderate' rather than 'critical.' Which is it? Just the truth please.

If you are familiar with classifications of security vulnerabilities, you will know that corporations evaluate vulnerabilities according to how they will impact their business; there may be a "critical" flaw which is downgraded to "low" as it has no chance of being exploited.

Tcpdump is a tool that runs on Linux; it has had a few problems in the past which are "serious problems" but it might be classified as a "low risk" since the tool would have to be running to be exploited and it seldom (never) is.
 
Yes, you can say that sometimes a critical security hole is actually not important. The Bluetooth exploit for Mac OS X was really not very important. A person utilizing that exploit would have to be very close to the computer.

But I don't think Secunia very often labels a critical security problem critical unless it really is critical.

Really, no operating system is completely safe. There are some design issues in Windows but Windows Vista so far has been reasonably secure. Most people are not even aware of the depth of security in Vista - like Data Execution Prevention.

On the other hand, with every bad guy in the world targeting Vista, will it continue to be secure? Vista is still a low profile target because of percentage of users but it has been around now for most of a year and still no really massive problems.

I like some of the security that Apple is putting into Mac OS 10.5 (Leopard). How good this security will actually be we will find out.

A lot of the same sort of security could be put into the typical Linux operating system. Is it being done?
 
Quote:


SrDriver,

Take a look @ CentOS www.centos.org; This is a linux distro that is built from the sources at Redhat, but the project makes it clear that it is not affiliated with Redhat. In fact Redhat is referred to as a "North American Linux vendor"

Thanks, will give that distribution a try along with a couple of others including PCLinuxOS.

Have a couple of hard drives set up so I can swap them. Am running Ubuntu 7.10 and I like the Gnome GUI over KDE as I have tweaked it. KDE offers much more eye candy and bells and whistles if you are into that kind of thing.

I like a simple working desktop.







Web site for Linux Distribution Info etc.
 