Tuesday, September 16, 2003
A Triple Header
The last couple of days have been fun (can you hear the sarcasm dripping from my voice?). Two days, three fairly serious remotely exploitable security holes? When it rains it pours. Oi vey.
First there was the cute little pine bug. Believe it or not I still use pine (a text terminal based email client). It beats the snot out of webmail when I'm on the road. Combine that with *&^%#^$ Mandrake's decision to drop pine packages, and I'm left having to build my own pine rpms *again*. I guess I can't crap on people who use Outlook anymore...
That was followed by the nifty mysql buffer overflow. I have roughly 20 servers providing mysql to almost 2,000 users. To make life more fun, Mandrake *STILL* hasn't released updated mysql rpms. I really don't like making MySQL rpms. It's always a massive drag. Arg... (How many days till Friday?)
Someone must have known that I wasn't having enough fun yet so they rounded my day out with a massive openssl hole. Nothing like 0 day warning before this one was out in the wild. Pretty scary considering the number of machines on the net that are running ssh these days. Very disappointed to find that Mandrake took even longer than Red Hat to get a fix out. At least they got it out the same day.
I don't mean to be bashing Mandrake. I am a little peeved at their slow response on security issues recently, but I can't blame them. Overall Mandrake is an excellent distribution. URPMI is a sysadmin's best friend. Think apt-get but rpms.
Oh well, hopefully tomorrow will be a better day.