We measure the overall risk of running Enterprise Linux 4 as a
function of two factors: the vulnerabilities and the threats. Our
first section covers the security vulnerabilities found in packages
that are part of Enterprise Linux 4 and the advisories that address
them. Our second section covers the threats by examining actual
exploitation of those vulnerabilities through exploits and

"All the data used to generate this report, tables, and graphs,
apply to Red Hat Enterprise Linux 4 AS from release day, 15
February 2005 to 14 February 2009 unless otherwise stated.

At first sight it may appear that Red Hat have released a lot of
updates for Enterprise Linux 4; in the last twelve months
publishing a total of 107 security advisories to address 251
individual vulnerabilities. But in reality this is by far a
worst-case metric, as it treats all vulnerabilities as equal,
regardless of their severity and assumes a system that has
installed every available package - which is not a default or even
a likely installation.

"With the release of Enterprise Linux 4, we started publishing
severity levels with package errata to help users determine which
advisories were the ones that mattered the most. Providing a
prioritised risk assessment helps customers to understand and
better schedule upgrades to their systems, being able to make a
more informed decision on the risk that each issue places on their
unique environment. Red Hat rates the impact of individual
vulnerabilities on a four-point scale designed to be an at-a-glance
guide to how worried Red Hat is about each security issue."