From owner-freebsd-questions@FreeBSD.ORG Wed Mar 2 22:32:21 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE3E316A4CE for ; Wed, 2 Mar 2005 22:32:21 +0000 (GMT) Received: from mail.rot-1.de (rot-1.de [213.146.120.136]) by mx1.FreeBSD.org (Postfix) with ESMTP id AFD9D43D55 for ; Wed, 2 Mar 2005 22:32:20 +0000 (GMT) (envelope-from stevan@rot-1.de) Received: from mail.rot-1.de (localhost.rot-1.de [127.0.0.1]) by mail.rot-1.de (8.12.10/8.12.10) with ESMTP id j22MWEvj026207; Wed, 2 Mar 2005 23:32:14 +0100 (CET) (envelope-from stevan@mail.rot-1.de) Received: from localhost (stevan@localhost)j22MWDKm026204; Wed, 2 Mar 2005 23:32:13 +0100 (CET) (envelope-from stevan@mail.rot-1.de) Date: Wed, 2 Mar 2005 23:32:12 +0100 (CET) From: Stevan Tiefert To: Nathan Kinkade In-Reply-To: <20050302202835.GU3678@gentoo-npk.bmp.ub> Message-ID: <20050302233024.D26188@mail.rot-1.de> References: <20050302162016.W24958@mail.rot-1.de> <20050302154409.GO3678@gentoo-npk.bmp.ub> <20050302161524.GR3678@gentoo-npk.bmp.ub> <20050302174545.GT3678@gentoo-npk.bmp.ub> <20050302202835.GU3678@gentoo-npk.bmp.ub> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-questions@freebsd.org Subject: Re: security advisories and the creating time of my system X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2005 22:32:22 -0000 On Wed, 2 Mar 2005, Nathan Kinkade wrote: > On Wed, Mar 02, 2005 at 06:53:21PM +0100, Stevan Tiefert wrote: > > > > > > > Hello Nathan, > > > > > > > > I need the date/time to decide if I need to download a version from the > > > > ftp-server in belief I would not need to patch my system anymore. But you > > > > are writing there is a better method to decide when a download is > > > > necessary or not? Which one? > > > > > > No, I don't mean to imply that there is a better method. It just > > > depends on what you are trying to determine. If you regularly use cvsup > > > to update your sources and you have cvsup'd since the correction date of > > > the security warning then you don't need to download the patch, as you > > > would already have merged the corrections into the source tree on your > > > local machine. In that case, you could just recompile the utility, or > > > the kernel, as they case may be. If you have no idea whether you have > > > sync'd your sources since the correction date of the security date, then > > > you can alway look at the CVS version string in the file in question. > > > It will look something like: > > > > > > $FreeBSD: src/sbin/ifconfig/ifconfig.c,v 1.92 2003/10/26 04:36:47 peter Exp $ > > > > > > Basically, if your sources, or the particular source file in question, > > > are not newer than correction date listed in the security alert then you > > > need to follow the directions to fix or workaround the problem. > > > > > > Nathan > > > > Hello Nathan, > > > > in a security advisory in part V. is written: > > > > V. Solution > > > > Perform one of the following: > > > > 1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the > > RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated > > after the correction date. > > > > Can you say me how to get of a running system the date? Because if the > > system is after the correction date I do not have to download via ftp. If > > not I have to... > > It sounds like you might want to take a look at the FreeBSD handbook > regarding keeping your system up to date. You might start here: > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html > > In short, if the date that `uname -v` reveals is older than the > corrections date listed in the security alert, AND you haven't already > specifically taken any measures to fix the problem yourself, then your > system probably is still affected by the problem detailed in the > security alert. In this case you may want to do one of the two > following things (depending on whether the alert even applies to you): > > 1) Follow the directions in the alert for patching your system, or > 2) Syncronize your source tree and rebuild the kernel and/or system. > > Nathan > Hello Nathan, thanks for your advise. It helped me a lot understanding the system. Thanks also for your patience! With regards Stevan Tiefert