FreeBSD Update (was: Re: FreeBSD Security Advisory
FreeBSD-SA-03:12.openssh)
Colin Percival
colin.percival at wadham.ox.ac.uk
Thu Sep 18 10:19:30 PDT 2003
At 16:31 18/09/2003 +0200, Marton Kenyeres wrote:
>If you track RELENG_4_8 or RELENG_4_7 the security/freebsd-update port may be
>an option. Note that AFAIK you can only use this, if you did a binary install
>of the system and did NOT recompile it since.
Another few notes to add:
1. "Binary install" means "binary install of the officially published FTP
or ISO image" -- if you ran `make release` on your own, FreeBSD Update
won't work.
2. There is a delay between updated source code becoming available and
binary updates being online. Anyone who tried to update a 4.8-RELEASE
system before about 11AM 18/9/03 GMT, or a 4.7-RELEASE system before about
4AM GMT, will not have the latest patches (in fact, they'll have the first
version of the ssh fixes). If this applies to you, run FreeBSD Update again.
3. FreeBSD Update is designed to be run from cron. This is perfectly safe,
since it only fetches updates and sends an email to root, and it uses
minimal bandwidth. I highly recommend that people do this (but if your
clock is set to GMT, please pick a time other than 3AM).
Colin Percival
More information about the freebsd-security
mailing list