
Red Hat security hole fixed in less than 24 hours

Thank goodness for geeks!

By Kate Hanaghan

Published: 26 October 2001 16:15 BST

The highly publicised security flaw identified in Red Hat's most recent Linux operating system was fixed quickly thanks to the open source community.

Linux guru Kurt Seifried alerted the vulnerability disclosure mailing list VulnWatch to the problem. He found that two files in Red Hat Linux 7.2 did not have the digital signatures that would verify they had not been tampered with.

In theory, anyone could tinker with these files on the download site unbeknown to users.

Red Hat claims the open source community fixed the hole less than 24 hours after the OS was released on 22 October.

Jon Fautley of the UK Linux Users Group said: "This is an excellent example of open source in action. Yes, the security hole was probably discovered a lot quicker because the source code is available.

"There are many security vulnerabilities that have been found in both proprietary software and open source software that have been fixed in a few hours of discovery, but in the closed source world, it's taken about six months for a patch to be released."

Roger Whittaker, technical consultant at SuSE Linux, claimed the 'security through obscurity' stance of proprietary vendors prevents holes being located by sources outside the company.

He said: "You can't see the source so you have to take the vendors' word for it. The open source method ensured that in this case the problem was identified quickly and addressed."

Alan Cox, number two on the Linux kernel team, added: "The big problem in the proprietary world is often not the time to get a fix - and some vendors like IBM really do deliver fast fixes - it is the fact you can't fix a problem yourself if you find one."
