[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] SUN don't care about security update ?
- Subject: Re: [cobalt-security] SUN don't care about security update ?
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Thu, 14 Mar 2002 14:24:58 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Leo,
> I'm very disapointed for the sun attitude about security upgrade of the
> cobalt. When there is important holes (like in PHP these days), they MUST
> provide upgrade in the hours like all Linux, *BSD, Unix system have do.
SUN/Cobalt sure hasn't the ressources to do this. SUN might have it, the
Cobalt division perhaps hasn't. Todays patch for the RaQ3 is a prime example
to that: RaQ3-All-Security-4.0.1-13453.pkg (Glibc update). It fixes a glibc
vulnerability which was published on 17th December 2001.
Whoops: It took SUN/Cobalt almost to the day *three months* to release the
patch.
Sure, glibc is no trivial matter to mess with, but the recent zlib issue is
of similar scale as it affects a wide spread set of applications, binaries
and libraries. Well, maybe we can expect a patch for that in three months as
well? Oh my ... what a perespective.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer