Date: Wed, 2 Mar 2005 14:28:35 -0600 From: Nathan Kinkade <nkinkade@ub.edu.bz> To: Stevan Tiefert <stevan@rot-1.de> Cc: freebsd-questions@freebsd.org Subject: Re: security advisories and the creating time of my system Message-ID: <20050302202835.GU3678@gentoo-npk.bmp.ub> In-Reply-To: <20050302185115.I25321@mail.rot-1.de> References: <20050302162016.W24958@mail.rot-1.de> <20050302154409.GO3678@gentoo-npk.bmp.ub> <4225E3D7.7030709@locolomo.org> <20050302161524.GR3678@gentoo-npk.bmp.ub> <20050302182210.U25321@mail.rot-1.de> <20050302174545.GT3678@gentoo-npk.bmp.ub> <20050302185115.I25321@mail.rot-1.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--AHVSF3we4xtO5oi5 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 02, 2005 at 06:53:21PM +0100, Stevan Tiefert wrote: <snip> > > > Hello Nathan, > > > > > > I need the date/time to decide if I need to download a version from t= he > > > ftp-server in belief I would not need to patch my system anymore. But= you > > > are writing there is a better method to decide when a download is > > > necessary or not? Which one? > > > > No, I don't mean to imply that there is a better method. It just > > depends on what you are trying to determine. If you regularly use cvsup > > to update your sources and you have cvsup'd since the correction date of > > the security warning then you don't need to download the patch, as you > > would already have merged the corrections into the source tree on your > > local machine. In that case, you could just recompile the utility, or > > the kernel, as they case may be. If you have no idea whether you have > > sync'd your sources since the correction date of the security date, then > > you can alway look at the CVS version string in the file in question. > > It will look something like: > > > > $FreeBSD: src/sbin/ifconfig/ifconfig.c,v 1.92 2003/10/26 04:36:47 peter= Exp $ > > > > Basically, if your sources, or the particular source file in question, > > are not newer than correction date listed in the security alert then you > > need to follow the directions to fix or workaround the problem. > > > > Nathan >=20 > Hello Nathan, >=20 > in a security advisory in part V. is written: >=20 > V. Solution >=20 > Perform one of the following: >=20 > 1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the > RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated > after the correction date. >=20 > Can you say me how to get of a running system the date? Because if the > system is after the correction date I do not have to download via ftp. If > not I have to... It sounds like you might want to take a look at the FreeBSD handbook regarding keeping your system up to date. You might start here: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.ht= ml In short, if the date that `uname -v` reveals is older than the corrections date listed in the security alert, AND you haven't already specifically taken any measures to fix the problem yourself, then your system probably is still affected by the problem detailed in the security alert. In this case you may want to do one of the two following things (depending on whether the alert even applies to you): 1) Follow the directions in the alert for patching your system, or 2) Syncronize your source tree and rebuild the kernel and/or system. Nathan --AHVSF3we4xtO5oi5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCJiHzO0ZIEthSfkkRAhsjAJ9vjxcOPX4Bgvgfwr5tjDDtjhZ8CQCdEUPA xd6VbjHkTQQP/DWrTveeX8c= =WwO5 -----END PGP SIGNATURE----- --AHVSF3we4xtO5oi5--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050302202835.GU3678>