Patch your Linux distros

There’s a nasty vulnerability in recent SSL libraries that an Apache-based worm is currently exploiting. The patch is obviously the most critical on machines that are running secure Apache sites. But if you don’t like vulnerabilities, and you shouldn’t, go get your distribution’s latest updates.
This is why I like Debian; a simple apt-get update && apt-get upgrade brings me right up to speed.

CERT pointed out that Apache installations that contain the ServerTokens ProductOnly directive in their httpd.conf file aren’t affected. (I added it under the ServerName directive in my file–it’s not present at all in Debian by default.) This will hurt Linux’s standings in Netcraft, but are you more interested in security or advocacy? Increasingly, I’m more interested in security. No point in bragging that you’re more secure than Windows. Someone might make you prove it. I’d rather let someone else prove it.

While you’re making Apache volunteer as little information as possible, you might as well make the rest of your OS as quiet as possible too. You can find some information on that in an earlier post here.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux