Old 10-13-2004, 10:26 PM   #1
paulsh2k4
RedHat patches vs open source patches


Hello,

I recently converted to RH Linux 9.0 and am confused about patching.

For example, if I run a web server and have OpenSSL on my system and want to upgrade OpenSSL, I get the latest updates from RedHat using up2date. After running up2date my OpenSSL shows as version 0.9.7a-33.12; however, openssl.org shows that the latest secure version of OpenSSL is 0.9.7d.

I know RedHat does their own weird update names so that 0.9.7a-33.12 is SUPPOSED to be the same as the open source 0.9.7d. But how can I tell? If openssl.org claims that anything below 0.9.7d is vulnerable, and RedHat says 0.9.7a-33.12 is the latest and greatest version, how do I know 0.9.7a-33.12 contains the security fixes in 0.9.7d? I'm trying to find out an easy way here, because this issue apparently applies to other software as well and I don't know if I can just take RedHat's word for it that all security fixes are in their updates.

Thanks
 
Old 10-14-2004, 03:18 AM   #2
acid_kewpie
Basically it's that there's frequently a difference in the focus of release depending on where it comes from. Redhat will focus largely on stability and security, and while of course a package like OpenSSL is implicitly about security, they will be introducing new features etc... So Redhat will take a step back and spend time on a particular release they like, and work on it until *they* think it's stable enough for their type of customer, which more and more recently is mid to high end businesses. So they'll back port exploit fixes and other individually submitted patches that they approve of, but there will be parts in the newer official releases that they can't test as much, and so will wait for it to mature before taking that release on board.

Mind you... Redhat releases are still very much open source...
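
Added example, not part of the original thread: a backported fix like the ones the reply describes leaves the upstream version string unchanged, so one practical check is to look for the advisory identifier in the package changelog (`rpm -q --changelog openssl`). The script assumes the packager names advisory IDs in changelog entries and ends each entry header with the version-release; the sample changelog, the release 0.9.7a-20 and the CVE-0000-000N identifiers are constructed placeholders, and `fixed_in` and `check_backports` are hypothetical helper names.

```shell
#!/bin/sh
# CONSTRUCTED sample changelog (newest entry first, as rpm prints it).
# On a real system: rpm -q --changelog openssl > changelog.txt
sample_changelog() {
cat <<'EOF'
* Wed Mar 17 2004 Example Packager <packager@example.com> 0.9.7a-33.12
- add backported security fix for CVE-0000-0002

* Mon Sep 29 2003 Example Packager <packager@example.com> 0.9.7a-20
- add backported fix for CVE-0000-0001
- rebuild
EOF
}

# fixed_in CHANGELOG_FILE ID
# Prints the oldest release whose entry mentions ID, or nothing.
fixed_in() {
    awk -v id="$2" '
        /^\* / { rel = $NF }          # entry header: remember its release
        {
            p = index($0, id)
            # reject a longer ID that merely starts with the one we want
            if (p && substr($0, p + length(id), 1) !~ /[0-9]/) first = rel
        }
        END { if (first != "") print first }
    ' "$1"
}

# check_backports CHANGELOG_FILE ID...
# One status line per ID; returns 1 if any ID is absent.
check_backports() {
    file=$1; shift
    missing=0
    for id in "$@"; do
        rel=$(fixed_in "$file" "$id")
        if [ -n "$rel" ]; then
            echo "$id: mentioned, first in $rel"
        else
            echo "$id: NOT mentioned in changelog"
            missing=1
        fi
    done
    return "$missing"
}

tmp=$(mktemp); sample_changelog > "$tmp"
check_backports "$tmp" CVE-0000-0001 CVE-0000-0002 CVE-0000-0003 ||
    echo "at least one advisory is not covered by this package"
rm -f "$tmp"
```

An ID that is absent from the changelog is not proof that the package is vulnerable; it means the vendor's advisory for that ID still has to be checked.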
 
  

