Red Hat Network allows the majority of the update process to be automated.It determines which RPM packages are necessary for the system, downloads them from a secure repository, verifies the RPM signature to make sure they have not been tampered with, and updates them.This means we are stuck with Python 2.4 on RHEL, and we can’t upgrade it as many components will likely break due to specific dependance on Python 2.4.
All our production servers run Red Hat Enterprise Linux (RHEL) 5 with the system supplied packages for the majority of applications we run, with the exception of PHP which we have a custom compiled version.
In the realms of gaining maximum performance then custom compilation of the likes of My SQL and Apache is beneficial but the advantage of using vendor supplied packages is that they are automatically maintained and updated.
This patch is then applied to the Red Hat Enterprise Linux package, tested by the Red Hat quality assurance team, and released as an errata update.
However, if an announcement does not include a patch, a Red Hat developer works with the maintainer of the software to fix the problem.
When updating software on a system, it is important to download the update from a trusted source.
An attacker can easily rebuild a package with the same version number as the one that is supposed to fix the problem but with a different security exploit and release it on the Internet.
If the software is part of a package within an Red Hat Enterprise Linux distribution that is currently supported, Red Hat, Inc is committed to releasing updated packages that fix the vulnerability as soon as possible.
Often, announcements about a given security exploit are accompanied with a patch (or source code that fixes the problem).
The IUS Community Project is aimed at providing up to date and regularly maintained RPM packages for the latest upstream versions of PHP, Python, My SQL and other common software specifically for Redhat Enterprise Linux.