From owner-freebsd-questions  Sun Feb  9 02:20:18 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id CAA10362
          for questions-outgoing; Sun, 9 Feb 1997 02:20:18 -0800 (PST)
Received: from root.com (implode.root.com [198.145.90.17])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA10357
          for <freebsd-questions@freebsd.org>; Sun, 9 Feb 1997 02:20:13 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by root.com (8.7.6/8.6.5) with SMTP id CAA07732; Sun, 9 Feb 1997 02:21:17 -0800 (PST)
Message-Id: <199702091021.CAA07732@root.com>
X-Authentication-Warning: implode.root.com: Host localhost [127.0.0.1] didn't use HELO protocol
To: Brian Buchanan <brian@wasteland.calbbs.com>
cc: freebsd-questions@freebsd.org
Subject: Re: Updating without downloading the entire distribution 
In-reply-to: Your message of "Sat, 08 Feb 1997 23:37:51 PST."
             <Pine.BSF.3.91.970208232319.3234A-100000@wasteland.calbbs.com> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Sun, 09 Feb 1997 02:21:17 -0800
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>1) Do I need to rebuild any of my old non-system binaries to protect 
>myself from the stack overwite bug being discussed on the 
>freebsd-security list?

   Yes. The old binaries will still be linked with libc.so.2.2 and will
continue to use that library. The upgrade you did would not have updated
that library to contain the fixes (the libc in 2.2 is libc.so.3.0). You can
fix all those things built shared by getting the fixed libc.so.2.2 from the
soon-to-be- released FreeBSD 2.1.7...or you can rebuild the binaries so that
they are linked with libc.so.3.0.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project