A question about Security Advisories
Oleksandr Kryvulia
shuriku at shurik.kiev.ua
Tue Aug 11 07:21:44 UTC 2020
Hi,
Last years all Security Advisories regarding base system in the "update
your vulnerable system via a source code patch " section recommends to
rebuild a whole world instead of an affected part of a base system. This
is in a most cases an overhead.
For example 9 years old SA-11:04 [1] offers:
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.bin/compress
# make obj && make depend && make && make install
# cd /usr/src/usr.bin/gzip
# make obj && make depend && make && make install
What is a reason we stop to do it? I understand that the preferred way
now is a binary upgrade.
Thank you.
[1]
https://www.freebsd.org/security/advisories/FreeBSD-SA-11:04.compress.asc
More information about the freebsd-security
mailing list