Security Updates; Updating Packages; Using Red Hat Network - Red Hat ENTERPRISE LINUX 4 - SECURITY GUIDE Manual

Chapter 3.

Security Updates

As security vulnerabilities are discovered, the affected software must be updated in order to limit
any potential security risks. If the software is part of a package within a Red Hat Enterprise Linux
distribution that is currently supported, Red Hat, Inc. is committed to releasing updated packages that
fix the vulnerability as soon as possible. Often, announcements about a given security exploit are
accompanied by a patch (or source code that fixes the problem). This patch is then applied to the
Red Hat Enterprise Linux package, tested by the Red Hat quality assurance team, and released as
an errata update. However, if an announcement does not include a patch, a Red Hat developer works
with the maintainer of the software to fix the problem. Once the problem is fixed, the package is tested
and released as an errata update.

If an errata update is released for software used on your system, it is highly recommended that you
update the affected packages as soon as possible to minimize the amount of time the system is
potentially vulnerable.

3.1. Updating Packages

When updating software on a system, it is important to download the update from a trusted source. An
attacker can easily rebuild a package with the same version number as the one that is supposed to
fix the problem but with a different security exploit and release it on the Internet. If this happens, using
security measures such as verifying files against the original RPM does not detect the exploit. Thus, it
is very important to download RPMs only from trusted sources, such as Red Hat, Inc., and to check
the signature of the package to verify its integrity.
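
The signature check called for above can be scripted. The following is an added example, not part of the Red Hat guide: it classifies `rpm -K` (`--checksig`) result lines so that a package whose digests match but which carries no verified signature is rejected. The function names, sample file names and key ID are constructed, and the result-line format is assumed to be that of classic rpm 4.x.

```shell
# Added example, not from the Red Hat guide. Assumes classic `rpm -K` result
# lines: "<file>: <checks> OK" on success, "... NOT OK ..." on failure.

# classify_checksig LINE -> prints signed-ok | unsigned | failed | unknown
classify_checksig() {
    cs_result=${1#*: }                      # drop the "<file>: " prefix
    case "$cs_result" in
        *"NOT OK"*) echo failed ;;          # bad digest, bad signature or missing key
        *OK)
            case " $cs_result " in
                # a signature check (not just a digest) must be among the passed checks
                *" gpg "*|*" pgp "*|*" signatures "*) echo signed-ok ;;
                *) echo unsigned ;;         # digests match, but nobody vouches for them
            esac ;;
        *) echo unknown ;;
    esac
}

# verify_rpms FILE... -> runs `rpm -K` on each file; returns 1 unless all are signed-ok
verify_rpms() {
    vr_rc=0
    for vr_pkg in "$@"; do
        vr_line=$(LC_ALL=C rpm -K "$vr_pkg" 2>&1 | tail -n 1)
        vr_verdict=$(classify_checksig "$vr_line")
        printf '%s\t%s\n' "$vr_verdict" "$vr_pkg"
        [ "$vr_verdict" = signed-ok ] || vr_rc=1
    done
    return "$vr_rc"
}

# Constructed sample lines (file names and key ID are made up) for an offline run.
demo() {
    while IFS= read -r demo_line; do
        printf '%-10s %s\n' "$(classify_checksig "$demo_line")" "$demo_line"
    done <<'EOF'
example-1.0-1.i386.rpm: (sha1) dsa sha1 md5 gpg OK
rebuilt-1.0-1.i386.rpm: sha1 md5 OK
other-1.0-1.i386.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
EOF
}

demo
```

The second sample line is the case the paragraph warns about: a rebuilt package is internally consistent, so its digests report OK, and only the absence of a passed signature check gives it away. `verify_rpms` is meaningful only after the vendor's public key has been imported into the RPM keyring with `rpm --import`.
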

Red Hat offers two ways to find information on errata updates:

1. Listed and available for download on Red Hat Network
2. Listed and unlinked on the Red Hat Errata website

Note

Beginning with the Red Hat Enterprise Linux product line, updated packages can be
downloaded only from Red Hat Network. Although the Red Hat Errata website contains
updated information, it does not contain the actual packages for download.

3.1.1. Using Red Hat Network

Red Hat Network allows the majority of the update process to be automated. It determines which RPM
packages are necessary for the system, downloads them from a secure repository, verifies the RPM
signature to make sure they have not been tampered with, and updates them. The package install can
occur immediately or can be scheduled during a certain time period.

Red Hat Network requires a System Profile for each machine to be updated. The System Profile
contains hardware and software information about the system. This information is kept confidential
and is not given to anyone else. It is only used to determine which errata updates are applicable to
each system, and, without it, Red Hat Network cannot determine whether a given system needs
updates. When a security errata (or any type of errata) is released, Red Hat Network sends an email
with a description of the errata as well as a list of systems which are affected. To apply the update,