Making sense of security patches
From: Anonymous (me_at_me.com)
Date: 04/29/03
- Previous message: Anonymous: "Re: Using SSH from 5.0.7 on earlier releases"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Apr 2003 20:55:22 GMT
Hi all, I was wondering how SCO handles there security patches for
Openserver. SCO's website is not very clear about it. At the moment SCO
appears to release three types of patches that can relate to security:
1. Major/Minor patches and supplements (ie. rs506a or oss636a),
2. Security Advisories (ie. CSSA-2002-SCO.39)
3. SSE's (ie sse012)
It appears SCO stopped doing SSEs back in 2001 and that "Security
Advisories" have replaced SSEs. Some of the major and minor supplements
also contain security fixes. SSE state that they are unofficial patches
and are not fully tested. The security advisories don't state anything
about be official or tested. Are the updated files suppled with security
advisories offical and tested? Its also hard to tell if the security
advisories and supplements conflict with each other. For example
CSSA-2002-SCO.39 and oss640a are both patches for the BIND daemon.
oss640a is a security patch but doesn't say when it was released or give
a version number. I can only assume oss640a than CSSA-2002-SCO.39
because the file date of oss640a is a few month older than when
CSSA-2002-SCO.39 was issued.
ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39/CSSA-2002-SCO.39.txt
ftp://ftp.sco.com/pub/openserver5/oss640a/oss640a.ltr
Can anyone provide a little insight on their personal experience dealing
with issues like this.
Thanks,
Jay
*please respond to the newsgroup sense my email is not real.
- Previous message: Anonymous: "Re: Using SSH from 5.0.7 on earlier releases"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
