Chapter 3.
Security Updates
As security exploits in software are discovered, the software must be fixed to close the possible
security risk. If the package is part of an official Red Hat Linux distribution that is currently supported,
Red Hat, Inc. is committed to releasing official updated packages that fix security holes as soon as
possible. If the announcement of the security exploit is accompanied by a patch (or source code that
fixes the problem), the patch is applied to the Red Hat Linux package, tested by the quality
assurance team, and released as an official errata update. If the announcement does not include a patch, a
Red Hat Linux developer will work with the maintainer of the package to fix the problem. After the
problem is fixed, it is tested and released as an official errata update.
If you are using a package for which a security errata report is released, it is highly recommended
that you update to the security errata packages as soon as they are released to minimize the time your
system is exploitable.
Not only do you want to update to the latest packages that fix any security exploits, but you also want
to make sure the latest packages do not contain further exploits such as a trojan horse. A cracker can
easily rebuild a version of a package (with the same version number as the one that is supposed to fix
the problem) but with a different security exploit in the package and release it on the Internet. If this
happens, using security measures such as verifying files against the original RPM will not detect the
exploit. Thus, it is very important that you only download RPMs from official sources, such as from
Red Hat, Inc., and check the signature of the package to make sure it was built by the official source.
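The signature check described above can be scripted around rpm -K (--checksig). The sketch below is an added example, not part of the original guide: it separates "digests OK" from "signature OK", because an unsigned package with intact digests also ends in OK. The function names, the sample lines (constructed) and the list of signature tokens are assumptions about rpm's output format.

```shell
#!/bin/sh
# Added example: classify `rpm -K` output so that an unsigned package
# is never mistaken for a verified one.

# sig_verdict LINE -> prints signed-ok | unsigned | failed
sig_verdict() {
    result=${1#*: }                          # drop the "filename: " prefix
    case "$result" in
        *"NOT OK"*) echo failed; return 0 ;; # bad digest, bad signature or missing key
        *OK) ;;                              # every check that was performed passed
        *) echo failed; return 0 ;;          # error text or empty output
    esac
    lc=$(printf '%s' "$result" | tr 'A-Z' 'a-z')
    case " $lc " in
        # Assumed signature tokens: gpg/pgp/dsa/rsa (older rpm), "signatures" (newer rpm)
        *" gpg "*|*" pgp "*|*" dsa "*|*" rsa "*|*" signatures "*) echo signed-ok ;;
        *) echo unsigned ;;                  # digests only: integrity, not origin
    esac
}

# check_rpms FILE... -> returns non-zero unless every file is signed-ok
check_rpms() {
    rc=0
    for f in "$@"; do
        out=$(LC_ALL=C rpm -K "$f" 2>/dev/null | tail -n 1)
        v=$(sig_verdict "$out")
        printf '%s\t%s\n' "$v" "$f"
        [ "$v" = signed-ok ] || rc=1
    done
    return $rc
}

# Constructed sample lines showing the three outcomes
demo() {
    for l in \
        'pkg-1.0-2.i386.rpm: (sha1) dsa sha1 md5 gpg OK' \
        'pkg-1.0-2.i386.rpm: sha1 md5 OK' \
        'pkg-1.0-2.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK'
    do
        printf '%-10s %s\n' "$(sig_verdict "$l")" "$l"
    done
}
demo
```

A signed-ok verdict only means the signature matches a key already imported on the system, so it is exactly as trustworthy as the keys that were imported.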
Red Hat offers two ways to retrieve official security updates:
1. Download from Red Hat Network
2. Download from the official Red Hat Linux Errata website
3.1. Using Red Hat Network
Red Hat Network allows you to automate most of the update process. It determines which RPM
packages are necessary for your system, downloads them from a secure repository, verifies the RPM
signature to make sure they have not been tampered with, and updates them. The package install can
occur immediately or can be scheduled during a certain time period.
Red Hat Network requires you to provide a System Profile for each machine that you want updated.
The System Profile contains hardware and software information about the system. This information
is kept confidential and not given to anyone else. It is only used to determine which errata updates are
applicable to each system. Without it, Red Hat Network cannot determine whether your system needs
updates. When a security errata (or any type of errata) is released, Red Hat Network will send you
an email with a description of the errata as well as which of your systems are affected. To apply the
update, you can use the Red Hat Update Agent or schedule the package to be updated through the
website http://rhn.redhat.com.
To learn more about the benefits of Red Hat Network, refer to the Red Hat Network Reference Guide
available at http://www.redhat.com/docs/manuals/RHNetwork/ or visit http://rhn.redhat.com.
3.2. Using the Errata Website
When security errata reports are released, they are published on the official Red Hat Linux Errata
website available at http://www.redhat.com/apps/support/errata/. From this page, select the product
and version for your system, and then select security at the top of the page to display only Red Hat