I want to warn about the way that Fedora treats security, i'm a compulsive reader of security lists like bugtraq, and I've never seen some security advisor published by Fedora Security Coordinator (or something like that) as I've seen in other distros (Debian, Gentoo, SuSE ....) about notifying some important security advisors. With regularly I am checking for updates using yum and see that there are new RPM updates. I believe that in these updates are the security fixes but I really don't know it because there aren't advisors. I fed up and i did a little research about security and Fedora, so i took some quite old security advisor relating "lha". Some people found security bugs in these tool, you can see more info here: http://www.securiteam.com/unixfocus/5LP000KCVC.html Today many distros have the appropriate security advisor and patch, one of these distros is RedHat: http://rhn.redhat.com/errata/RHSA-2004-179.html but Fedora users don't have security advisor or security patch, i check yum and I don't see anything about lha and the lha version shipped with Fedora Core 1 is vulnerable: [ice@laptop ice]$ rpm -qa | grep -i lha lha-1.14i-12 [ice@laptop ice]$ lha x buf_oflow.lha LHa: Error: Unknown information UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU Segmentation fault [ice@laptop ice]$ Where is the security advisor ??? and the security patch ??? Why Fedora doesn't have a security coordinator or even a security team ??
