IUS Community Project

Does IUS support yum update --security?

Asked by Martin Smith

Hello! IUS looks very valuable. But I was wondering -- does it have security errata filed against it? In other words, will "yum update --security" upgrade any packages from IUS that have known security vulnerabilities? Or is that even tracked for IUS packages?

My best guess from the documentation is that IUS just ships new packages regularly anyway, so updating them wholesale (say implementing a policy of always updating php53 if there's an update) is always the best option, as there's no way to tell which updates contain security vulnerability fixes vs. which don't.

Thanks in advance,

Martin

Question information

Language:
English Edit question
Status:
Answered
For:
IUS Community Project Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Jeffrey Ness (jeffrey-ness) said : 		#1

Hello Martin,

Thanks for putting in this question today.

IUS does not use this feature for packages, when CVEs are discovered
a bug will be created on our public bug tracker. In side the package we will
add a %changelog saying which CVEs are addressed.

Jeffrey-

Can you help with this problem?

Provide an answer of your own, or ask Martin Smith for more information if necessary.

To post a message you must log in.