Updating bzip2 to remove potential security vulnerability

Bruce Cran bruce at cran.org.uk
Fri Oct 1 21:23:23 UTC 2010


On Fri, 1 Oct 2010 14:00:16 -0700
Jason <jhelfman at e-e.com> wrote:

> On Fri, Oct 01, 2010 at 04:59:40PM -0400, Jerry thus spake:
> >On Fri, 1 Oct 2010 12:14:20 -0500
> >Dan Nelson <dnelson at allantgroup.com> articulated:
> >
> >> You must have missed
> >> http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc ;
> >> patches for 6, 7, and 8 are available there, and freebsd-update has
> >> fixed binaries if you use that.
> >
> >Never saw it. So I am assuming that simply using something like:
> >
> >csup -L2 -h cvsup.FreeBSD.org
> >"/usr/src/share/examples/cvsup/standard-supfile"
> >
> >Then rebuild Kernel & World is not going to work. Is that correct?
> 
> The update instructions are in the announcement. Here is a snippet
> from it:

Or yes, you can just update to the latest sources via csup - it's been
fixed in all supported security branches as well as HEAD (see
http://svn.freebsd.org/viewvc/base/releng/8.1/UPDATING?view=log for
example).

-- 
Bruce Cran


More information about the freebsd-questions mailing list