Date: Fri, 26 Sep 2003 18:02:41 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Bill Moran <wmoran@potentialtech.com> Cc: questions@freebsd.org Subject: Re: Security patches and -p# Message-ID: <20030926170241.GA2511@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <3F746917.4070603@potentialtech.com> References: <3F746917.4070603@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 26, 2003 at 12:28:07PM -0400, Bill Moran wrote: > Hey, >=20 > I'm a bit confused, and it may just be a typo. >=20 > I recently updated a bunch of servers to patch the arp problem recently > announced: > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03%3A14.arp.= asc >=20 > Now, with the chaos in my life, plus getting physically ill during the la= st > few days, I've not been 100% sure I finished the upgrade on all these=20 > machines, > so I went around checking uname -a to make sure. >=20 > Every single machine I upgraded says 4.8-RELEASE-p5 >=20 > Now, the security advisory claims the problem is fixed in 4.8-RELEASE-p10. >=20 > I know that I completely updated at least _some_ of these machines ;) >=20 > Anyway. Is there a typo somewhere? Or am I misunderstanding the > bulliten? It depends on how you obtained the updated source code. If you used cvsup(1) to track the RELENG_4_8 branch, then you would have received inter-alia patches to sys/conf/newvers.sh and other files that control what the system says it's version number is. If you downloaded patches as detailed in the various security advisories, or if you compiled the patched code areas in detail, rather than running a general build and install, then you will generally have solved the security holes addressed by the advisories but you probably won't have updated the system version numbers. That's basically because the patch files supplied with security advisories address nothing but the problem at hand, in order that they can be applied to as many different system versions as possible. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --DocE+STaALJfprDB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/dHExdtESqEQa7a0RAtvYAJ9+Tt5gsMkodelyzH4cJ8cC+ll5qACfeAQJ fXJeduRUI9RjUUZ2N6q3+Pg= =sKkc -----END PGP SIGNATURE----- --DocE+STaALJfprDB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030926170241.GA2511>