Risk report: Three years of Red Hat Enterprise Linux 4

Mark J Cox, the Director of the Red Hat Security Response Team, published an update to RHEL 4 risk report:

Red Hat® Enterprise Linux® 4 was released on February 15th, 2005. This report takes a look at the state of security for the first three years from
release.

Two of the lines in the conclusion are:

A default installation of Enterprise Linux 4 AS was vulnerable to seven critical security issues over the first three years.

A customised installation of Enterprise Linux 4, selecting every package, would have been vulnerable to 76 critical browser security issues, and 11 in non-browser packages in the three years.

But I doubt how many people use the default installation “as is” or are fulish enough in install everything. I would like to know the security effect of RHEL4 minimal installation, as this my way to install RHEL.

It will also be interesting to see similar reports from other distributions, especially on the response times, as I guess most security issues are common anyway due to shared applications.

Leave a comment

Filed under Red Hat Enterprise Linux

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s