No updates needed to update system to 8.2-RELEASE-p6 but still on 8.2-RELEASE-p3

Nikola Pavlović nzp at riseup.net
Sun Feb 19 17:50:01 UTC 2012


On Sun, Feb 19, 2012 at 05:17:59AM -0600, Antonio Olivares wrote:
> On Sun, Feb 19, 2012 at 4:22 AM, Matthew Seaman
> <m.seaman at infracaninophile.co.uk> wrote:
> > Here is the thing I alluded to under option (1).  The security patch for
> > the unix domain socket problem came out in two chunks.  There was an
> > original patch to fix the actual security problem, then a later followup
> > patch to fix a bug that it exposed in the linux emulation layer.  It is
> > possible to tell this from the text of the advisory as it exists at the
> > moment, but you might not see it unless you are looking for it.  The
> > important bit of text is this:
> >
> >  NOTE: The patch distributed at the time of the original advisory fixed
> >  the security vulnerability but exposed the pre-existing bug in the
> >  linux emulation subsystem.  Systems to which the original patch was
> >  applied should be patched with the following corrective patch, which
> >  contains only the additional changes required to fix the newly-
> >  exposed linux emulation bug:
> >
> > Given that the second part of the patch was actually not a security fix,
> > there would not have been a modified kernel distributed.  So you got a
> > bundle of three advisories issued together on 2011-09-28 resulting in
> > FreeBSD 8.2-RELEASE-p3.  Then later on, at 2011-10-04 a further update
> > was issued modifying FreeBSD-SA-11:05-unix and technically taking the
> > system to FreeBSD 8.2-RELEASE-p4.  However, as this was not a security
> > fix, it was not applied to the freebsd-update distribution channel.  As
> > none of the updates since then have touched the kernel, it will still
> > show -p3 even though you are in fact fully patched against all known
> > security problems.
> 
> I hope this is the case, but that -p3 makes me think?  I am hesitant

If it will make you feel more confident that everything is OK, I too have -p3
reported from the kernel, but -p6 in newvers.sh.  I remember a
discussion shortly after FreeBSD-SA-11:05-unix (maybe on
freebsd-security@ but I'm not sure) about this confusion with patch
level reported and if I remember correctly the conclusion was in
agreement with what Matthew wrote above.

> 
> Thank you very much for your kind explanation and hopefully I am in
> the (4) category.  How does one know when a new 8.2-RELEASE-pX, has
> been released?  where X is a number >= 6?
> 

You could follow freebsd-announce@, and/or optionally freebsd-security@.
All security advisories and errata patches are announced there.
Alternatively, there are http://www.freebsd.org/security/advisories.html
and http://www.freebsd.org/security/notices.html pages along with their
RSS feeds http://www.freebsd.org/security/rss.xml and
http://www.freebsd.org/security/errata.xml, respectively.


-- 
	"Have you lived here all your life?"
	"Oh, twice that long."



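The comparison discussed in this message (the patch level the kernel reports versus the one recorded in newvers.sh), as an added example that is not part of the original thread. The function names are hypothetical, the newvers.sh excerpt is constructed from the values mentioned in the thread, and /usr/src/sys/conf/newvers.sh is assumed as the location of the file in the source tree.

```shell
#!/bin/sh
# Added example, not from the thread. Compares the patch level reported by the
# running kernel (uname -r) with the one recorded in newvers.sh.

# Print N for a release string such as "8.2-RELEASE-p3"; 0 when there is no -pN.
patch_level() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *)         printf '0\n' ;;
    esac
}

# Rebuild "REVISION-BRANCH" from the assignments in a newvers.sh file.
newvers_release() {
    rev=$(sed -n 's/^REVISION="\([^"]*\)".*/\1/p' "$1" | head -n 1)
    br=$(sed -n 's/^BRANCH="\([^"]*\)".*/\1/p' "$1" | head -n 1)
    [ -n "$rev" ] && [ -n "$br" ] || return 1
    printf '%s-%s\n' "$rev" "$br"
}

# Report how the two levels relate. $1 = kernel release, $2 = newvers.sh release.
compare_levels() {
    k=$(patch_level "$1"); s=$(patch_level "$2")
    if [ "$k" -eq "$s" ]; then
        echo "same: kernel and newvers.sh both at -p$k"
    elif [ "$k" -lt "$s" ]; then
        echo "differ: kernel -p$k, newvers.sh -p$s; check whether advisories after -p$k touched the kernel"
    else
        echo "differ: kernel -p$k is ahead of newvers.sh -p$s"
    fi
}

# Constructed sample of the relevant newvers.sh lines (values from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
TYPE="FreeBSD"
REVISION="8.2"
BRANCH="RELEASE-p6"
RELEASE="${REVISION}-${BRANCH}"
EOF

# On a real system (assumed path):
#   compare_levels "$(uname -r)" "$(newvers_release /usr/src/sys/conf/newvers.sh)"
compare_levels "8.2-RELEASE-p3" "$(newvers_release "$sample")"
rm -f "$sample"
```

A "differ" result with the kernel behind is the situation described in the thread; the advisories issued after the kernel's level show whether any of them changed kernel files.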