Of course , you can always switch to openBSD
Edit: I'm pretty sure that enterprise (paying) customers got the fix earlier.
Where is the Dovecot security fix????
-
hunter86_bg
- Posts: 2016
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: Where is the Dovecot security fix????
SuSE still haven't patched all their products - so RedHat is a little bit faster.
Of course , you can always switch to openBSD
Edit: I'm pretty sure that enterprise (paying) customers got the fix earlier.
Of course , you can always switch to openBSD
Edit: I'm pretty sure that enterprise (paying) customers got the fix earlier.
Re: Where is the Dovecot security fix????
Hello
does this page not fix the problem https://repo.dovecot.org/#centos ?
does this page not fix the problem https://repo.dovecot.org/#centos ?
Re: Where is the Dovecot security fix????
That means going outside the distro and that's not really the right way to fix it.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke
Re: Where is the Dovecot security fix????
Just because SuSE is even slower than RedHat does not make this any better!
I critical security issue should not take months to be fixed!
It should rather be days instead!
I critical security issue should not take months to be fixed!
It should rather be days instead!
-
KernelOops
- Posts: 278
- Joined: 2013/12/18 15:04:03
- Location: xfs file system
Re: Where is the Dovecot security fix????
I've been tracking this bug for several weeks now and it seems like redhat does not see it as a critical issue.
Maybe because its quite hard to exploit this bug without authenticating first, so only known users would pose a real threat. I am not sure what their reasoning is for delaying the fix on purpose.
Maybe because its quite hard to exploit this bug without authenticating first, so only known users would pose a real threat. I am not sure what their reasoning is for delaying the fix on purpose.
--
I love my computer - all my friends live there.
--
I love my computer - all my friends live there.
--
Re: Where is the Dovecot security fix????
As a followup question, does anyone know why RHEL 8 includes the same ancient version (2.2.36) of dovecot that RHEL 7 does? Why wouldn't they have moved to the 2.3 series?