Advisory: security/freebsd-update port
Colin Percival
colin.percival at wadham.ox.ac.uk
Sat May 31 02:40:59 PDT 2003
Topic: Potential failure to update vulnerable files
Synopsis: FreeBSD Update is a system for tracking FreeBSD
release (aka security) branches via signed
binary updates. At present, updates are being
built for FreeBSD 4.7-RELEASE and 4.8-RELEASE.
As a result of differences between the ISO image
and FTP distributions of 4.7-RELEASE, FreeBSD
Update may have failed to recognize certain
files as needing replacement. Based on server
logs, I believe up to 20 people may have been
affected by this.
Impact: Some security patches might not have been
applied, potentially leaving a system open to
attack.
Fix: Run FreeBSD Update again; it will fetch the
latest update index, which corrects this issue.
Colin Percival