[2200] in linux-security and linux-alert archive
[linux-security] Re: [RHSA-1999:029-01] Denial of service attack
daemon@ATHENA.MIT.EDU (Sergio Ballestrero)
Sat Aug 21 02:12:41 1999
Date: Sat, 21 Aug 1999 01:41:38 +0200 (CEST)
From: Sergio Ballestrero <s.ballestrero@c-sistemi.it>
To: Rogier Wolff <R.E.Wolff@BitWizard.nl>
In-Reply-To: <199908202231.AAA02539@cave.BitWizard.nl>
ReSent-From: Sergio Ballestrero <s.ballestrero@c-sistemi.it>
ReSent-To: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Sat, 21 Aug 1999, Rogier Wolff wrote:
> Dan Stromberg wrote:
> >
> > Is redhat 5.1 immune to the attack? Or is it no longer supported for
> > patches? It seems strange that both 4.2 and 5.2 are vulnerable, but
>
> You're allowed to lag one major behind. So while red Hat is releasing
> 6.0, 6.1, 6.2 etc, you're allowed to stay on 5.2. If you're on 5.1 or
> 5.0 you should always upgrade to 5.2. No way around it. That's what
> they told me about a year ago.
>
> The 5.x -> 5.2 upgrade is supposed to be relatively painless. If you
> REALLY know what you're doing, you could only upgrade the essential
> parts. (i.e. the packages that had security issues).
As far as i know (and remember - it's a few months that i run 6.0 )
there's practically no difference between a fully updated 5.1 and a 5.2.
So after you have installed all the 5.1 updates, you can quite painlessly
start installing the 5.2 updates. I basically did the 5.1->5.2 upgrade "by
hand", and had no real problem - but don't try this with major releases.
Cheers, Sergio
PS i do have a "rpm_upd" perl script that does some sanity checks before
installing an upgrade (no install if any file has been modified and the
alikes). Mail me if you want it.
--------------------------------------------------------------------------
Things will get better despite Sergio Ballestrero
our efforts to improve them. Sergio.Ballestrero@cern.ch
-- Will Rogers S.Ballestrero@iname.com
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
