[Bug 493607] Re: rkhunter reports openssl and sshd versions out of date
Andrew Cholakian
andrewvc at gmail.com
Fri Dec 18 00:52:16 UTC 2009
furicle, while it is true that Ubuntu backports fixes from upstream
versions its incorrect to say that the version number doesn't change.
For instance, on Hardy at the moment the current version of PHP is PHP
5.2.4-2ubuntu5.9 , Ubuntu doesn't increment the 5.2.4-2 part, but it
does increment the ubuntu5.9 part. For the white list scheme to work,
every Ubuntu package rkhunter looks at would have to synchronize its
releases with concurrent updates of the rkhunter white list. That hardly
seems worth it to me.
Additionally, since those applications would be white listed, the user
wouldn't even know they were vulnerable unless they somehow updated
rkhunter with updating any other packages (since those other packages
would presumably already be patched). The white list just doesn't make
sense with Ubuntu packages.
The only real solution is to maintain a separate version of rkhunter's
bad package database, and I don't see anyone volunteering to do that. I
personally hardly think its worth it.
--
rkhunter reports openssl and sshd versions out of date
https://bugs.launchpad.net/bugs/493607
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list