Redhat have released an interesting report into the security risks associated with Redhat Enterprise Linux 4 over the past 2 years.
It’s interesting to notice that almost all of the critical flaws were with GUI-based applications (in particular Mozilla products), which shows that a Linux server not running user GUI apps, is pretty damn secure.
In fact, in a server Linux install, there were only 2 exploits that would permit a remote user to gain local privileges without requiring user interaction – one in sendmail and the other in mod_auth_pgsql!
LWN also have some commentary on this report.
