SuSE still haven't patched all their products - so RedHat is a little bit faster.
Of course , you can always switch to openBSD
Edit: I'm pretty sure that enterprise (paying) customers got the fix earlier.
Where is the Dovecot security fix????
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: Where is the Dovecot security fix????
Hello
does this page not fix the problem https://repo.dovecot.org/#centos ?
does this page not fix the problem https://repo.dovecot.org/#centos ?
Re: Where is the Dovecot security fix????
That means going outside the distro and that's not really the right way to fix it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Where is the Dovecot security fix????
Just because SuSE is even slower than RedHat does not make this any better!
I critical security issue should not take months to be fixed!
It should rather be days instead!
I critical security issue should not take months to be fixed!
It should rather be days instead!
- KernelOops
- Posts: 428
- Joined: 2013/12/18 15:04:03
- Location: xfs file system
Re: Where is the Dovecot security fix????
I've been tracking this bug for several weeks now and it seems like redhat does not see it as a critical issue.
Maybe because its quite hard to exploit this bug without authenticating first, so only known users would pose a real threat. I am not sure what their reasoning is for delaying the fix on purpose.
Maybe because its quite hard to exploit this bug without authenticating first, so only known users would pose a real threat. I am not sure what their reasoning is for delaying the fix on purpose.
--
R.I.P. CentOS
--
R.I.P. CentOS
--
Re: Where is the Dovecot security fix????
As a followup question, does anyone know why RHEL 8 includes the same ancient version (2.2.36) of dovecot that RHEL 7 does? Why wouldn't they have moved to the 2.3 series?