upcoming release 6.1: old version of some core components
Kris Kennaway
kris at obsecurity.org
Tue Apr 11 20:37:30 UTC 2006
On Tue, Apr 11, 2006 at 05:46:06PM +0200, No at SPAM@mgEDV.net wrote:
>
> > I can't answer you main question, but I would say that you can bet your
> >shirt on the fact that there will be no known security issues in the
> > older packages.
>
> > At least for openssl and openssh you can get latest versions through the
> > ports. Not an option for everything -- I see no zlib for example and I
> > don't believe there's a standard cvs port either.
>
> as for zlib i definitely know, that there are 2 security flaws, which can
> lead to problems when invalid compressed data is feeded.
Already fixed as soon as they were published. Are there other reasons
to upgrade?
> my problem also is not the installation of ports/packages/custom compiles,
> it's more that the operating system components itself are linked against
> these older libraries an therefore will contain bugs, which may have been
> already solved.
The other side of this is that newer versions are often incompatible
(OpenSSL, I'm looking at you), which rules out upgrading the version
in a FreeBSD-STABLE branch since it ruins binary compatibility.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060411/a8404b16/attachment.pgp
More information about the freebsd-questions
mailing list