FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Chuck Swiger
cswiger at mac.com
Thu Dec 3 18:15:38 UTC 2009
Hi--
On Dec 3, 2009, at 3:05 AM, Andrea Venturoli wrote:
> Sorry, this might seem a stupid question, but...
> In several places I read that FreeBSD 6.x is NOT affected; however, I heard some people discussing how to apply the patch to such systems. So, I'd like to know for sure: is 6.x affected? Is another patch on the way for it?
Well, I've tested the exploit and FreeBSD 6.4-STABLE was not vulnerable. Starting with 7.x, rtld was significantly re-written from the prior version, and that re-write included the security vulnerability.
The discussion you mention presumably involves checking out the patched version of rtld sources from 7.x or 8 and building+installing that under 6.x. Given that 6.x rtld is the older one with a longer history of security review and doesn't have the current known vulnerability, whereas the new version just got patched and might have other issues lurking, I am happy sticking with 6.x version on my 6.x boxes.
Regards,
--
-Chuck
More information about the freebsd-security
mailing list