Old 10-13-2004, 10:26 PM   #1
RedHat patches vs open source patches


I recently converted to RH Linux 9.0 and am confused about patching.

For example, if I run a web server and have OpenSSL on my system and want to upgrade OpenSSL, I get the latest updates from RedHat using up2date. After running up2date my OpenSSL shows as version 0.9.7a-33.12, however shows that the latest secure version of Openssl is 0.9.7d.

I know RedHat does their own weird update names so that 0.9.7a-33.12 is SUPPOSED to be the same as the open source 0.9.7d. But how can I tell? If claims that anything below 0.9.7d is vulnerable, and RedHat says 0.9.7a-33.12 is the latest and greatest version, how do I know 0.9.7a-33.12 contains the security fixes in 0.9.7d? I'm trying to find out an easy way here, because this issue apparently applies to other software as well and I don't know if I can just take RedHat's word for it that all security fixes are in their updates.

Old 10-14-2004, 03:18 AM   #2
Basically it's that there's frequently a difference in the focus of release depending on where it comes from. Redhat will focus largely on stability and security, and while of course a package like openSSL is implicitly about security, they will be introducing new features etc... So Redhat will take a step back and spend time on a particular release they like, and work on it until *they* think it's stable enough for their type of customer, which more and more recently is mid to high end businesses. So they'll back port exploit fixes and other individually submitted patches that they approve of, but there will be parts in the newer official releases that they can't test as much, and so will wait for it to mature before taking that release on board.

Mind you... Redhat releases are still very much open source...
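
One way to check a backported package for specific fixes, as an added example that is not part of either post: vendors that backport normally name each fixed advisory in the package changelog, which `rpm -q --changelog openssl` prints. The function name, the sample changelog and the advisory IDs below are constructed placeholders, and the script assumes each changelog header line ends with the version-release.

```shell
#!/bin/sh
# Added example: report which advisory IDs an RPM changelog mentions.
# Real use:  rpm -q --changelog openssl | check_backports ID [ID...]

# CONSTRUCTED sample changelog (newest entry first, as rpm prints it).
# The advisory IDs, dates and the older release are placeholders.
sample_changelog() {
cat <<'EOF'
* Wed Mar 17 2004 Example Packager <packager@example.com> 0.9.7a-33.12
- add security fix for CVE-0000-0001 (backported from upstream)
- add security fix for CVE-0000-0002

* Mon Sep 29 2003 Example Packager <packager@example.com> 0.9.7a-20
- rebuild
EOF
}

# check_backports ID [ID...]
# Reads changelog text on stdin. For each ID prints either
# "ID fixed-in <version-release>" or "ID MISSING".
# Returns 1 if any ID is missing, so it can gate a patch audit.
check_backports() {
    log=$(cat)
    rc=0
    for id in "$@"; do
        # Track the current entry header (assumed to end in version-release)
        # and match the ID as a whole token, so one ID is never matched as
        # a prefix of a longer one. The last match is the oldest entry,
        # i.e. the release where the fix first appeared.
        rel=$(printf '%s\n' "$log" | awk -v id="$id" '
            /^\* / { ver = $NF }
            { n = split($0, w, /[^A-Za-z0-9-]+/)
              for (i = 1; i <= n; i++) if (w[i] == id) found = ver }
            END { if (found != "") print found }')
        if [ -n "$rel" ]; then
            printf '%s fixed-in %s\n' "$id" "$rel"
        else
            printf '%s MISSING\n' "$id"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone demonstration on the constructed sample.
sample_changelog | check_backports CVE-0000-0001 CVE-0000-0009 || true
```

A "MISSING" result means only that the changelog does not name the ID; the vendor's security advisory for the package is the other place to confirm a fix.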

