| 34 | | As an example vulnerability announcement, here are the emails from both Ubuntu and CentOS Security lists regarding the libc vulnerability announced on in February 2016. For [https://lists.centos.org/pipermail/centos-announce/2016-February/021668.html CentOS]] and for [https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-February/003305.html Ubuntu]. Of note, these emails are only sent '''after''' a fix has been posted. How does one know there is a problem in the first place? If it's a big enough deal, [https://slashdot.org/ slashdot], or other news sites, will cover it. In most cases, the OS vendors release patches the same day as the bug is publicly announced, as they are coordinating amongst themselves and with the upstream developers. As was the case with this libc bug in February. |
| | 34 | As an example vulnerability announcement, here are the emails from [https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-February/003305.html Ubuntu] and [https://lists.centos.org/pipermail/centos-announce/2016-February/021668.html CentOS] Security lists regarding the libc vulnerability announced on in February 2016. Of note, these emails are only sent '''after''' a fix has been posted. How does one know there is a problem in the first place? If it's a big enough deal, [https://slashdot.org/ slashdot], or other news sites, will cover it. In most cases, the OS vendors release patches the same day as the bug is publicly announced, as they are coordinating amongst themselves and with the upstream developers. As was the case with this libc bug in February. |
