All Questions
Tagged with patching known-vulnerabilities
12 questions
0 votes
1 answer
63 views
Is using software without buying all available patches against security standards?
Canonical, the publishers of Ubuntu, create their own set of security patches for packages in Ubuntu's "universe" repository of community-maintained software. They make these patches ...
0 votes
3 answers
182 views
Is it recommended to patch announced vulnerability for unused services or features?
Sometimes vendors announce software upgrade to patch some discovered vulnerability in some feature or service which is not enabled in your system. Is it recommended to upgrade your software although ...
3 votes
2 answers
228 views
How can I convey risks associated with out-of-support software?
Where or how can I find a list of only unpatched security exploits for an out-of-support operating system? I want to be sure I can inform server owners of the actual risks of staying on an obsolete OS....
3 votes
3 answers
134 views
Java with LIS system
I'm not well versed in technology but have a problem that maybe you experts could answer. We have a software application that supports our laboratory - obviously must be secure. We want to be able to ...
3 votes
1 answer
683 views
Is the 'SUIDGuard' patch safe to implement?
Can someone who really knows what they're looking at advise whether the patch published here by Stefan Esser is in fact safe to install? While I'm very concerned that Apple haven't published an ...
3 votes
2 answers
2k views
Where to check if a specific OS / service is vulnerable despite being patched, because of a vendor's decision?
I need to discuss how to mitigate the risk of services which are vulnerable despite being patched (typically because they are not maintained by the vendor anymore, or because the vendor does not want ...
1 vote
1 answer
633 views
Security risks if a server is not supported anymore
I have an SQL 2000 database server which is not supported by Microsoft anymore. We have our information security policy applied and even PCI requirements. What are the security risks that we might ...
2 votes
4 answers
1k views
What is a good way to be alerted of major security patches for software I use? [duplicate]
I maintain a few webservers running ubuntu, apache, mysql, and python/django. I update all the libraries quarterly, but I'd like to update more often when a patch for a major vulnerability is released?...
1 vote
1 answer
231 views
Notification or report for security problem of unix systems? [duplicate]
I have Unix systems (Solaris, Oracle, Redhat etc.). I have to control all systems for security problem, bugs, patch, vulnerabilities. I'm looking for security information for all security issues. After ...
6 votes
1 answer
1k views
Security announcement mailing list for Java
I didn't find a security announcement mailing list for Java (from Oracle). How to get notified about new Java patches? I am not interested in other Oracle products. For example Apple provides such a ...
1 vote
1 answer
182 views
Zero day vulnerability appropriate corrective action
Is it appropriate for a software developer to provide zero day vulnerability corrections as at-user-discretion installers to apply patches or is it preferred to force it in cyclic updates? The reason ...
5 votes
1 answer
391 views
Does every security patch get back ported to every .NET framework? Are there exceptions to the rule?
I can imagine a scenario where Microsoft will create a security patch for some versions of .NET and not others. This might occur in occasions it's too expensive to regression test and back port all ...