Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] iptables - version on suse cd
  • From: ic_admin <admin@xxxxxxxxxxxx>
  • Date: Tue, 10 Sep 2002 16:59:28 +0200
  • Message-id: <3D7E08D0.8000809@xxxxxxxxxxxx>
Bob,

I've running many machines with SuSE-OS and the versions are between SuSE7.0 and 8.0 . If I want to install the newest version (8.0) I have to fill so many holes with patches from the SuSE-Patch-section , and I only patch security-related things, why shouldn't I ask in this list to save time? This is the security list from SuSE, iptables is a security-related software, the people reading this list are often able to answer my question in one sentence - that's the reason I don't understand your answer.

//Ruediger


Bob Vickers wrote:

Ruediger,

This is an example of one of the most frequently asked questions
on the list. The question goes "why haven't SuSE upgraded to version y of
a product, because version x has security holes?".

The reason for the confusion is a subtle paradox and quite understandable.
If you as an individual are using a package for your own use and you hear
about a security hole then your natural course may well be to upgrade to
the latest version, because you get the latest bug fixes and nice shiny
new features as well as fixing the security hole. Occasionally you will
find there is some incompatibility with the old version so you do a bit of
work sorting this out.

If you are SuSE maintaining the package on behalf of lots and lots of
customers with lots of different configurations then the situation is very
different. If a small proportion of your customers hit problems because of
incompatibilities then that is very bad news. They may not have the
expertise to solve the problems, but they need to fix the security hole
fast. So for SuSE the best solution is to take the old package and make
the minimum number of changes needed to fix the security hole.
Occasionally there are so many holes this is impossible but generally this
is the right thing to do.

Bob

On Tue, 10 Sep 2002, ic_admin wrote:


Hi List,

just a question concerning iptables v 1.2.2 shipped with SuSE7.3 :

Is it OK to install this version? I saw there are newer versions
available at netfilter.org but in the SuSE-Update-Download-section no
update is available. Are the bugs not security-related?

Thanks for help and/or furthermore infos, links etc

Regards

Ruediger


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here



==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691






< Previous Next >
References