John Hall wrote:
We currently have 5.4-PRERELEASE installed on our web box:
outpost# uname -a FreeBSD outpost.blacklotus.net 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #0: Wed Mar 30 13:38:38 MST 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/OUTPOST i386
I need to know if we need to update the server to 5.4-RELEASE with this version of 5.4 in order to protect against the sendfile kernel memory problem in the security notice at:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile. asc
Thanks!
John Hall [EMAIL PROTECTED]
Manager of Operations
Black Lotus Communications
[http://www.blacklotus.net]
I don't think it's possible to update to 5.4-RELEASE, as it doesn't exist yet AFAICT from the web site. I've not checked the CVS repo or mirrors, so I guess it's possible that it has been tagged in the last couple of days, though.
Updating to any codebase from today or following the patch method outlined in the announcement should make you safe from this vulnerability.
See the Handbook chapter on "the Cutting Edge". The RELEASE tag you'd want would be "RELENG_5", I expect.
Whoops, OK: now I see that apparently 5.4 has
been tagged. As mentioned in the advisory, you
can either patch your system and recompile the
kernel or update to one of seven different code
paths to get the new code. If you server was built
just a week ago, then 5.4-RELEASE sounds great
for this purpose, and the only viable choices for you
are RELENG_5, RELENG_5_4, or RELENG_5_3. However, the recommended procedure for the
entire world reinstall includes some time (not
much, probably) spent in single-user mode, so if this
is a busy box that needs 99.99 percent uptime, maybe
the kernel rebuild would be better, as a simple reboot
on the new kernel would be the only thing required....
I'm sure that this statement might be open to debate....
Kevin Kinsey _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
