One of the biggest things that scared me about the Fedora Project was the fact that there really was not a company behind it to be “responsible” for it (Of course Red Hat is behind it, but it is not a commercial product). I was worried that security updates would take longer than I would be comefortable with.
The recent rsync vulnerability tested that, and Fedora passes with flying colors. Here are two stories that showed up in my news aggregator back to back this morning from Linux Today: Red Hat Linux Advisory: rsync and Fedora Linux Advisory: rsync.
There you have it folks. The Red Hat and Fedora security advisories and fixes were released at some point yesterday. I’m not going to bother tracking down which one was released first, because it does not really matter. It is true that Red Hat and Fedora were not the first distros to release fixes, but they both released a fix within 24 hours of the vulnerability becoming public. Grab your Fedora rpms or check the post for Red Hat RPMs. Keep those boxes patched. Of course up2date should work quite well also.
I don’t see Red Hat Enterprise Linux RPMs listed in the Linux Today article, but you can grab them from Red Hat’s Errata page.