Can't reinstall linux-f10-openldap
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Mon May 19 17:47:30 UTC 2014
Walter Hurry <walterhurry at gmail.com> writes:
> I'm trying to reinstall net/linux-f10-openldap, but am being prevented
> from doing so.
>
> ------------------------------------------------------------
> ===> linux-f10-openldap-2.4.12_1 has known vulnerabilities:
> linux-f10-openldap-2.4.12_1 is vulnerable:
> OpenLDAP -- incorrect handling of NULL in certificate Common Name
> CVE: CVE-2009-3767
> WWW: http://portaudit.FreeBSD.org/abad20bf-c1b4-11e3-
> a5ac-001b21614864.html
> => Please update your ports tree and try again.
> *** [check-vulnerable] Error code 1
>
> Stop in /usr/ports/net/linux-f10-openldap.
> ------------------------------------------------------------
>
> The portaudit web page says that there is indeed a vulnerability in this
> version, but it is the latest version available in the ports tree.
>
> Is there any way around this?
The only options are the obvious ones:
1) Override the vulnerability warning and install anyway.
2) Wait for somebody else to commit a non-vulnerable port.
3) Create a non-vulnerable port yourself.
Updating the Linux emulation can be tricky, because you never know when
a new version of a program will start using a Linux kernel feature that
we don't emulate. I'm not up-to-date on future directions of the
Linuxulator; there are several linux-base sets these days.
More information about the freebsd-questions
mailing list