portaudit: recommended packages can't be installed

Kris Kennaway kris at obsecurity.org
Sat May 21 09:58:21 PDT 2005


On Sat, May 21, 2005 at 01:29:11PM +0000, Robert S wrote:
> 8I've just started playing around with FreeBSD.  One of my main
> priorities of an OS is ease of upgrading.  If I run portaudit, I get a
> list of insecure packages (here is an excerpt from the output):
> 
> Affected package: firefox-1.0.3,1
> Type of problem: mozilla -- code execution via javascript: IconURL
> vulnerability.
> Reference: <http://www.FreeBSD.org/ports/portaudit/eca6195a-c233-11d9-804c-02061b08fc24.html>
> 
> Affected package: kdelibs-3.4.0_1
> Type of problem: kdelibs -- kimgio input validation errors.
> Reference: <http://www.FreeBSD.org/ports/portaudit/06404241-b306-11d9-a788-0001020eed82.html>
> 
> 4 problem(s) in your installed packages found.
> 
> You are advised to update or deinstall the affected package(s) immediately.
> freebsd #
> 
> If I try to replace kdelibs with a binary package, or install it
> through ports (after doing a cvsup), I still get verion 3.4.0_1.
> 
> Are fixes not necessarily made available when security vulnerabilities
> are found?

Not instantly, of course..and in some cases they are not fixed for a
long time.  The third party software in the ports collection is
maintained to different standards depending on the project.  If you
have questions, you should contact those third party developers.

> Also -- is there a similar utility to portaudit and freebsd-update,
> that can be used on the base operating system (not through ports)?

freebsd update works on the base system.

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050521/6476e6aa/attachment.bin


More information about the freebsd-questions mailing list