There was an errata for tcpdump (which is used by ethereal) https://rhn.redhat.com/errata/RHSA-2003-174.html With that errata, tcpdump runs as 'pcap' instead of as root by default. Does this make those possible problems less dangerous perhaps? I agree it looks like they should release an ethereal errata, but Q.A. takes time. Usually vendors are notified several weeks in advance of announcing security vulnerabilities so they have time to develop and Q.A. patches. Do you know if Red Hat was notified in advance of the announcement? --Jeremy On Wed, 2003-07-02 at 08:21, vincent wrote: > last month on June 11th there were a ton of security problems in ethereal > why has redhat not updated? last update I can find is April 23rd. for > something else: > http://ftp.redhat.com/pub/redhat/linux/updates/9/en/os/SRPMS/ > > The announcement can be found here. > http://www.ethereal.com/appnotes/enpa-sa-00010.html > > If we're vuln this should have been updated promptly. -- /=====================================================================\ | Jeremy Portzer jeremyp@xxxxxxxxx trilug.org/~jeremy | | GPG Fingerprint: 712D 77C7 AB2D 2130 989F E135 6F9F F7BC CC1A 7B92 | \=====================================================================/
Attachment:
signature.asc
Description: This is a digitally signed message part
