Red Hat Security - patch numbers


Author patch numbers
Joseph Ishak

2004-03-03, 5:35 pm

Hi

I am wondering if someone can help me decipher if there is
a linux equivalent to windows patch numbers. My boss says
yes and I say no. I have never seen linux patch numbers
and it is my understanding that everything tracked in linux
is done so by the version number of the package. An example
would be someone releasing some exploit for Internet Explorer.
Microsoft decides to fix it and release a patch on windows
update for it. You download and install patch #Q323255 and
then in Add/Remove programs you get something like:

Windows XP Hotfix (SP2) [See Q323255 for more information]

Does anyone know of anything like this for any distribution
of Linux?

Joe

Alexander Dalloz

2004-03-03, 7:35 pm

On Wed, 03 Mar 2004 21:46:19 +0000 Joseph Ishak wrote:

> Hi
>
> I am wondering if someone can help me decipher if there is
> a linux equivalent to windows patch numbers. My boss says
> yes and I say no. I have never seen linux patch numbers
> and it is my understanding that everything tracked in linux
> is done so by the version number of the package. An example
> would be someone releasing some exploit for Internet Explorer.
> Microsoft decides to fix it and release a patch on windows
> update for it. You download and install patch #Q323255 and
> then in Add/Remove programs you get something like:
>
> Windows XP Hotfix (SP2) [See Q323255 for more information]
>
> Does anyone know of anything like this for any distribution
> of Linux?
>
> Joe


No, there are no cross-distribution bugfixing / patch numbers. There are
only central organisations announcing and describing vulnerabilities. If
you look at the messages at bugtraq from securityfocus you see that
companies refer to those announcement numbers, but they have an individual
package numbering scheme.

Examples:

______________________________________________________________________________
SGI Security Advisory

Title     : SGI Advanced Linux Environment security update #13
Number    : 20040301-01-U
Date      : March 3, 2004
Reference : Redhat Advisory RHSA-2004:090-06, CAN-2004-0110
Reference : Redhat Advisory RHSA-2004:058-08, CAN-2003-0973
Fixed in  : Patch 10056 for SGI ProPack v2.4 and SGI ProPack v2.3
______________________________________________________________________________


______________________________________________________________________________
SCO Security Advisory

Subject:          OpenLinux: rsync heap based overflow
Advisory number:  CSSA-2004-010.0
Issue date:       2004 March 02
Cross reference:  sr888533 fz528609 erg712514 CAN-2003-0962
______________________________________________________________________________


Package        : kernel-source-2.2.22, kernel-image-2.2.22-alpha
Vulnerability  : failing function and TLB flush
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0077


Redhat example:

Security Advisory - RHSA-2004:091-07
------------------------------------------------------------------------------
Summary:
Updated libxml2 packages fix security vulnerability


Alexander


--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
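
Added example, not part of the original thread: a small Python script that uses the CAN numbers as the common key and indexes the vendor-specific advisory numbers quoted in the reply above under them. The function names and the id patterns are assumptions inferred only from the quoted samples; they are not an official format specification from any vendor.

```python
import re
from collections import defaultdict

# Header lines taken from the SGI and SCO advisories quoted in the reply above.
ADVISORIES = """\
SGI Security Advisory
Number : 20040301-01-U
Reference : Redhat Advisory RHSA-2004:090-06, CAN-2004-0110
Reference : Redhat Advisory RHSA-2004:058-08, CAN-2003-0973

SCO Security Advisory
Advisory number: CSSA-2004-010.0
Cross reference: sr888533 fz528609 erg712514 CAN-2003-0962
"""

# Candidate numbers are the only identifier shared across vendors.
CAN_RE = re.compile(r"\bCAN-\d{4}-\d{4}\b")

# Vendor id formats, inferred from the samples above only (assumption).
VENDOR_RES = {
    "SGI": re.compile(r"\b\d{8}-\d{2}-[A-Z]\b"),
    "RHSA": re.compile(r"\bRHSA-\d{4}:\d{3}-\d{2}\b"),
    "CSSA": re.compile(r"\bCSSA-\d{4}-\d{3}\.\d\b"),
}

def vendor_ids(text):
    """Return every vendor advisory id found in text."""
    return {m.group(0) for rx in VENDOR_RES.values() for m in rx.finditer(text)}

def index_by_candidate(raw):
    """Map each CAN id to the vendor advisory ids that cover it."""
    index = defaultdict(set)
    for block in re.split(r"\n\s*\n", raw.strip()):
        lines = block.splitlines()
        # The advisory's own number sits on a line without a CAN reference.
        own = set()
        for line in lines:
            if not CAN_RE.search(line):
                own |= vendor_ids(line)
        # A CAN is covered by this advisory and by any advisory cited beside it.
        for line in lines:
            for can in CAN_RE.findall(line):
                index[can] |= own | vendor_ids(line)
    return {can: sorted(ids) for can, ids in index.items()}

if __name__ == "__main__":
    for can, ids in sorted(index_by_candidate(ADVISORIES).items()):
        print(can, "->", ", ".join(ids))
```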


Copyright 2003 - 2008 webservertalk.com