On 16/06/16 13:18, Johnny Hughes wrote:
.. the actual definition of a
'CRITICAL' update from Red Hat's perspective is:
"This rating is given to flaws that could be easily *exploited by a remote
unauthenticated attacker and lead to system compromise (arbitrary code
execution) without requiring user interaction*. These are the types
of vulnerabilities that can be exploited by worms. Flaws that require an
authenticated remote user, a local user, or an unlikely configuration
are not classed as Critical impact."
Taken from:
https://access.redhat.com/security/updates/classification
I think it's time to add another link to the mailman suffix.
That bold section should scare anyone storing public data on their
servers without keeping up with security updates whether critical or
not! I'd say that whole paragraph needs to be added to the Wiki
somewhere and the email suffix modified to include a link to it. This
would give us a place to point people to - such as - *See link at
bottom of signature, you <insert what you feel necessary here>*.
ak.
PS: Here's what my suggestion might look like:
<new_sig>
----------
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
Latest CentOS Release - 7.v.wxyz -
https://wiki.centos.org/read-this-if-centos-version-not-at-7.v.wxyz
</new_sig>
And just as Johnny said - but what the heck do I know?