[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] SUN don't care about security update ?

Subject: Re: [cobalt-security] SUN don't care about security update ?
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Thu, 14 Mar 2002 14:24:58 +0100
Organization: Stauber Multimedia Design
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Leo,

> I'm very disapointed for the sun attitude about security upgrade of the
> cobalt. When there is important holes (like in PHP these days), they MUST
> provide upgrade in the hours like all Linux, *BSD, Unix system have do.

SUN/Cobalt sure hasn't the ressources to do this. SUN might have it, the 
Cobalt division perhaps hasn't. Todays patch for the RaQ3 is a prime example 
to that: RaQ3-All-Security-4.0.1-13453.pkg (Glibc update). It fixes a glibc 
vulnerability which was published on 17th December 2001. 

Whoops: It took SUN/Cobalt almost to the day *three months* to release the 
patch. 

Sure, glibc is no trivial matter to mess with, but the recent zlib issue is 
of similar scale as it affects a wide spread set of applications, binaries 
and libraries. Well, maybe we can expect a patch for that in three months as 
well? Oh my ... what a perespective.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

References:
- [cobalt-security] SUN don't care about security update ?
  - From: cobalt-security

Prev by Date: [cobalt-security] New Qube3 VPN support
Next by Date: [cobalt-security] Percent Used: 607 %
Previous by thread: [cobalt-security] SUN don't care about security update ?
Next by thread: Re: [cobalt-security] SUN don't care about security update ?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index