|
Page 1 of 4 Security Updates for Red Hat Linux As security vulnerabilities are discovered, the affected software must be updated in order to limit any potential security risks. If the software is part of a package within an Red Hat Enterprise Linux distribution that is currently supported, Red Hat, Inc. is committed to releasing updated packages that fix the vulnerability as soon as possible. Often, announcements about a given security exploit are accompanied with a patch (or source code that fixes the problem). This patch is then applied to the Red Hat Enterprise Linux package, tested by the Red Hat quality assurance team, and released as an errata update. However, if an announcement does not include a patch, a Red Hat developer works with the maintainer of the software to fix the problem. Once the problem is fixed, the package is tested and released as an errata update.
If an errata update is released for software used on your system, it is highly recommended that you update the effected packages as soon as possible to minimize the amount of time the system is potentially vulnerable. 3.1. Updating Packages When updating software on a system, it is important to download the update from a trusted source. An attacker can easily rebuild a package with the same version number as the one that is supposed to fix the problem but with a different security exploit and release it on the Internet. If this happens, using security measures such as verifying files against the original RPM does not detect the exploit. Thus, it is very important to only download RPMs from trusted sources, such as from Red Hat, Inc. and check the signature of the package to verify its integrity. Red Hat offers two ways to find information on errata updates: Listed and available for download on Red Hat Network Listed and unlinked on the Red Hat Errata website
 | Note |
|---|
| | Beginning with the Red Hat Enterprise Linux product line, updated packages can be downloaded only from Red Hat Network. Although the Red Hat Errata website contains updated information, it does not contain the actual packages for download. |
3.1.1. Using Red Hat Network Red Hat Network allows the majority of the update process to be automated. It determines which RPM packages are necessary for the system, downloads them from a secure repository, verifies the RPM signature to make sure they have not been tampered with, and updates them. The package install can occur immediately or can be scheduled during a certain time period. Red Hat Network requires a System Profile for each machine to be updated. The System Profile contains hardware and software information about the system. This information is kept confidential and is not given to anyone else. It is only used to determine which errata updates are applicable to each system, and, without it, Red Hat Network can not determine whether a given system needs updates. When a security errata (or any type of errata) is released, Red Hat Network sends an email with a description of the errata as well as a list of systems which are affected. To apply the update, use the Red Hat Update Agent or schedule the package to be updated through the website http://rhn.redhat.com.  | Tip |
|---|
| | Red Hat Enterprise Linux includes the Red Hat Network Alert Notification Tool, a convenient panel icon that displays visible alerts when there is an update for a registered Red Hat Enterprise Linux system. Refer to the following URL for more information about the applet: http://rhn.redhat.com/help/basic/applet.html |
To learn more about the benefits of Red Hat Network, refer to the Red Hat Network Reference Guide available at http://www.redhat.com/docs/manuals/RHNetwork/ or visit http://rhn.redhat.com.  | Important |
|---|
| | Before installing any security errata, be sure to read any special instructions contained in the errata report and execute them accordingly. Refer to Section 3.1.5 Applying the Changes for general instructions about applying the changes made by an errata update.
|
|
