Jurgen, The short answer is you shouldn't have to know. Every security alert should give complete instructions including any necessary actions after the software is patched. But unfortunately this doesn't always happen. I hate to criticise Roman because he is doing a fantastic job churning out all these fixes, but on occasions the instructions aren't as clear as they might be. Maybe SuSE should get a documentation person to review the alerts before they go out. The ideal should be that the alerts are clear to someone who has just bought Linux and doesn't have previous system admin experience. Ambitious, but it ought to be possible. Regards, Bob On Sat, 14 Oct 2000, Jurjen Oskam wrote:
Hi everybody.
Consider the following scenario:
You have installed and actively use package X. Suppose an exploit is discovered for that package. SuSE provides a fix, and as a good admin you get the new RPM and install the fix. You do this with YaST1, so SuSEconfig is automatically run after installing.
According to YaST, the fix is installed. SuSEconfig ran OK. So everything seems like that you succesfully updated.
But: suppose the package was running when you updated? The running copy, is that (after SuSEconfig did its work) the old vulnerable version, or the new patched version?
....
============================================================== Bob Vickers R.Vickers@dcs.rhbnc.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhbnc.ac.uk/home/bobv Phone: +44 1784 443691