Date:      Wed, 22 Feb 2012 06:52:05 +0100
From:      Bernt Hansson <bah@bananmonarki.se>
To:        alexus <alexus@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: freebsd package update / upgrade
Message-ID:  <4F448285.7010804@bananmonarki.se>
In-Reply-To: <CAJxePNKHkWEP%2BtTw8re7S%2BsqcJEgZg89zMyom_6ooRudvpdAjw@mail.gmail.com>
References:  <CAJxePNLc=r5FqH%2BAgjkhbTEyamw=oc2X899bxxEk9Ldm0c=cAQ@mail.gmail.com> <201202030915.42976.erichfreebsdlist@ovitrap.com> <CAJxePNKHkWEP%2BtTw8re7S%2BsqcJEgZg89zMyom_6ooRudvpdAjw@mail.gmail.com>

2012-02-22 04:56, alexus wrote:

> all I want is to update these
>
> f9# portaudit -a
> Affected package: python27-2.7.2_3
> Type of problem: Python -- DoS via malformed XML-RPC / HTTP POST request.
> Reference: http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html

portupgrade -iR (use p also if you want to build a package) python27

> Affected package: sudo-1.8.3_1
> Type of problem: sudo -- format string vulnerability.
> Reference: http://portaudit.FreeBSD.org/7c920bb7-4b5f-11e1-9f47-00e0815b8da8.html

portupgrade -iR(p) sudo

> Affected package: ruby-1.8.7.352_2,1
> Type of problem: Multiple implementations -- DoS via hash algorithm collision.
> Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html

portupgrade -iR(p) ruby

> 3 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s) immediately.
> f9#
>
> P.S. why is it pkg_add installing vulnerable versions in the first
> place? I just installed ruby and already is a problem??

Because packages are built for *-RELEASE
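
As an added example (not part of the original e-mail), the script below turns `portaudit -a` output like that quoted above into the `portupgrade -iR` commands the reply gives by hand. The function names are hypothetical and the sample input is constructed from the "Affected package" lines in the message; the script only prints the commands, it does not run them.

```shell
#!/bin/sh
# Added example: map portaudit findings to portupgrade commands.
# Function names are hypothetical; on a real system, pipe in
# `portaudit -a` instead of the constructed sample.

# Constructed sample, abbreviated from the output quoted in the message.
sample_audit() {
cat <<'EOF'
Affected package: python27-2.7.2_3
Type of problem: Python -- DoS via malformed XML-RPC / HTTP POST request.

Affected package: sudo-1.8.3_1
Type of problem: sudo -- format string vulnerability.

Affected package: ruby-1.8.7.352_2,1
Type of problem: Multiple implementations -- DoS via hash algorithm collision.

3 problem(s) in your installed packages found.
EOF
}

# Read portaudit output on stdin and print each affected package name once.
# The version is everything after the last hyphen (a package version never
# contains a hyphen), so "ruby-1.8.7.352_2,1" becomes "ruby".
affected_names() {
  sed -n 's/^Affected package: \(.*\)-[^-]*$/\1/p' | sort -u
}

# Print one "portupgrade -iR <name>" line per affected package.
# -i asks before each step and -R also upgrades what the package depends on,
# as in the reply above; add p to keep a built package.
upgrade_commands() {
  affected_names | while read -r name; do
    printf 'portupgrade -iR %s\n' "$name"
  done
}

sample_audit | upgrade_commands
```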


