Date: Tue, 5 Apr 2005 22:05:40 +0000 From: Pietro Cerutti <pietro.cerutti@gmail.com> To: Kevin Kinsey <kdk@daleco.biz> Cc: questions@freebsd.org Subject: Re: PRERELEASE? Message-ID: <e572718c05040515052d25d187@mail.gmail.com> In-Reply-To: <4252CA5C.9040706@daleco.biz> References: <3rr04b$oie03j@mxip02a.cluster1.charter.net> <4252CA5C.9040706@daleco.biz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 5, 2005 5:26 PM, Kevin Kinsey <kdk@daleco.biz> wrote: > John Hall wrote: > > >We currently have 5.4-PRERELEASE installed on our web box: > > > >outpost# uname -a > >FreeBSD outpost.blacklotus.net 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #0: Wed > >Mar 30 13:38:38 MST 2005 > >hallj@outpost.blacklotus.net:/usr/obj/usr/src/sys/OUTPOST i386 > > > >I need to know if we need to update the server to 5.4-RELEASE with this > >version of 5.4 in order to protect against the sendfile kernel memory > >problem in the security notice at: > > > >ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile. > >asc > > > >Thanks! > > > >John Hall [jhall@lotuscom.net] > >Manager of Operations > >Black Lotus Communications > >[http://www.blacklotus.net] > > > > > > I don't think it's possible to update to 5.4-RELEASE, as it > doesn't exist yet AFAICT from the web site. I've not checked > the CVS repo or mirrors, so I guess it's possible that it has > been tagged in the last couple of days, though. Yes it's on the CVSs repositories now.... > > Updating to any codebase from today or following the > patch method outlined in the announcement should > make you safe from this vulnerability. > > See the Handbook chapter on "the Cutting Edge". > The RELEASE tag you'd want would be "RELENG_5", > I expect. > > Whoops, OK: now I see that apparently 5.4 has > been tagged. As mentioned in the advisory, you > can either patch your system and recompile the > kernel or update to one of seven different code > paths to get the new code. If you server was built > just a week ago, then 5.4-RELEASE sounds great > for this purpose, and the only viable choices for you > are RELENG_5, RELENG_5_4, or RELENG_5_3. > However, the recommended procedure for the > entire world reinstall includes some time (not > much, probably) spent in single-user mode, so if this > is a busy box that needs 99.99 percent uptime, maybe > the kernel rebuild would be better, as a simple reboot > on the new kernel would be the only thing required.... > I'm sure that this statement might be open to debate.... > > Kevin Kinsey > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- Pietro Cerutti <pietro.cerutti@gmail.com> <http://www.gahr.ch/pgp-key> Beansidhe - SwiSS Death / Thrash Metal <www.beansidhe.ch> Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming or what?"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e572718c05040515052d25d187>