[Gllug] [Fwd: SSH Security Advisory: Centos (and other distros)]
Daniel P. Berrange
dan at berrange.com
Wed Jul 8 10:00:11 UTC 2009
On Wed, Jul 08, 2009 at 08:32:08AM +0100, Andy Millar wrote:
> On Wed, 2009-07-08 at 08:23 +0100, Jon Fautley wrote:
> >
> > So you've got an email from someone asking you to go and install some
> > "random" SSH RPMs from a non-vendor site, because of a security hole
> > they're not disclosing (or, in fact, confirming)?
>
> Given that we have Red Hat employees on this list, can anyone
> from Red Hat actually confirm or deny that this is an issue?
You can't really expect random Red Hat employees to contribute
official answers to this kind of rumour, even if they knew something
of interest, which they almost certainly don't. As an employee,
you have *zero* extra knowledge of security issues before they are
published unless it is a package that you are the maintainer of.
This is how it should be. Security issues are handled on a "need to
know" basis, responses coordinated between all vendors' security
teams.

I can say though, that anyone who discovers, or has questions about
possible security problems in Red Hat products should direct them
to the Red Hat security team:

http://www.redhat.com/security/team/contact/
[quote]
What you should use secalert at redhat.com for:
* If you have found a security vulnerability with a
Red Hat product or service
* If you are unsure about how a known vulnerability
affects a Red Hat product or service
Email communications sent to secalert at redhat.com will be
read and acknowledged with a non-automated response
within 3 working days.
[/quote]
Regards,
Daniel
--
|: http://berrange.com/ -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://freshmeat.net/~danielpb/ -o- http://gtk-vnc.sourceforge.net :|
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug