I respectfully disagree -- I really do not attempt to distribute the IBM 
marketing tactic of "fear, uncertainty, doubt" (adopted by other 
entities as well).  However, when Ubuntu LTS lists an update as a 
security update, I do take notice.  SL derived from RHEL did the same if 
memory serves.  You might look at some of the Black Hat and similar 
"conference" proceedings for various exploits and compromises, more 
common with closed source and thus an insufficient number of source code 
"readers".

On 1/9/23 18:09, Konstantin Olchanski wrote:
> On Mon, Jan 09, 2023 at 03:26:33PM -0800, Yasha Karant wrote:
>>
>> The SL6 issue is a different matter.  Not only are various
>> applications vulnerable to compromises from the Internet, but so is
>> the kernel as well as kernel systems support software.
>>
> 
> This is FUD. Which applications, which exploits? AFAIK, there is
> no remote exploits against SL6 ssh, there is no remote exploits
> against SL6 apache and there is no remote exploits agaist SL6 linux
> kernels. If you know otherwises, please post a list of applicable CVEs.
>