Date: Wed, 22 Feb 2012 06:52:05 +0100 From: Bernt Hansson <bah@bananmonarki.se> To: alexus <alexus@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: freebsd package update / upgrade Message-ID: <4F448285.7010804@bananmonarki.se> In-Reply-To: <CAJxePNKHkWEP%2BtTw8re7S%2BsqcJEgZg89zMyom_6ooRudvpdAjw@mail.gmail.com> References: <CAJxePNLc=r5FqH%2BAgjkhbTEyamw=oc2X899bxxEk9Ldm0c=cAQ@mail.gmail.com> <201202030915.42976.erichfreebsdlist@ovitrap.com> <CAJxePNKHkWEP%2BtTw8re7S%2BsqcJEgZg89zMyom_6ooRudvpdAjw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2012-02-22 04:56, alexus skrev: > all I want is to update these > > f9# portaudit -a > Affected package: python27-2.7.2_3 > Type of problem: Python -- DoS via malformed XML-RPC / HTTP POST request. > Reference: http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html portupgrade -iR (use p also if you want to build a package) python27 > Affected package: sudo-1.8.3_1 > Type of problem: sudo -- format string vulnerability. > Reference: http://portaudit.FreeBSD.org/7c920bb7-4b5f-11e1-9f47-00e0815b8da8.html portupgrade -iR(p) sudo > Affected package: ruby-1.8.7.352_2,1 > Type of problem: Multiple implementations -- DoS via hash algorithm collision. > Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html portupgrade -iR(p) ruby > 3 problem(s) in your installed packages found. > > You are advised to update or deinstall the affected package(s) immediately. > f9# > > P.S. why is it pkg_add installing vulnerable versions at the first > place? i just installed ruby and already is a problem?? Because pakages are built for *-RELEASE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F448285.7010804>