From owner-freebsd-questions@FreeBSD.ORG Sun Feb 19 17:50:01 2012
Date: Sun, 19 Feb 2012 18:49:56 +0100
From: Nikola Pavlović
To: freebsd-questions@freebsd.org
Message-ID: <20120219174956.GA34784@sputnjik.localdomain>
References: <201202190204.q1J24gJx080884@mail.r-bonomi.com> <4F40CD81.1000708@infracaninophile.co.uk>
Subject: Re: No updates needed to update system to 8.2-RELEASE-p6 but still on 8.2-RELEASE-p3

On Sun, Feb 19, 2012 at 05:17:59AM -0600, Antonio Olivares wrote:
> On Sun, Feb 19, 2012 at 4:22 AM, Matthew Seaman wrote:
> > Here is the thing I alluded to under option (1).  The security patch for
> > the unix domain socket problem came out in two chunks.  There was an
> > original patch to fix the actual security problem, then a later followup
> > patch to fix a bug that it exposed in the linux emulation layer.  It is
> > possible to tell this from the text of the advisory as it exists at the
> > moment, but you might not see it unless you are looking for it.  The
> > important bit of text is this:
> >
> >  NOTE: The patch distributed at the time of the original advisory fixed
> >  the security vulnerability but exposed the pre-existing bug in the
> >  linux emulation subsystem.  Systems to which the original patch was
> >  applied should be patched with the following corrective patch, which
> >  contains only the additional changes required to fix the newly-exposed
> >  linux emulation bug:
> >
> > Given that the second part of the patch was actually not a security fix,
> > there would not have been a modified kernel distributed.  So you got a
> > bundle of three advisories issued together on 2011-09-28 resulting in
> > FreeBSD 8.2-RELEASE-p3.  Then later on, at 2011-10-04 a further update
> > was issued modifying FreeBSD-SA-11:05-unix and technically taking the
> > system to FreeBSD 8.2-RELEASE-p4.  However, as this was not a security
> > fix, it was not applied to the freebsd-update distribution channel.  As
> > none of the updates since then have touched the kernel, it will still
> > show -p3 even though you are in fact fully patched against all known
> > security problems.
>
> I hope this is the case, but that -p3 makes me think? I am hesitant

If it will make you feel more confident that everything is OK, I too
have -p3 reported from the kernel, but -p6 in newvers.sh. I remember a
discussion shortly after FreeBSD-SA-11:05-unix (maybe on
freebsd-security@ but I'm not sure) about this confusion with the patch
level reported and, if I remember correctly, the conclusion was in
agreement with what Matthew wrote above.

>
> Thank you very much for your kind explanation and hopefully I am in
> the (4) category. How does one know when a new 8.2-RELEASE-pX, has
> been released? where X is a number >= 6?
>

You could follow freebsd-announce@, and/or optionally freebsd-security@.
All security advisories and errata patches are announced there.
Alternatively, there are the
http://www.freebsd.org/security/advisories.html and
http://www.freebsd.org/security/notices.html pages along with their RSS
feeds http://www.freebsd.org/security/rss.xml and
http://www.freebsd.org/security/errata.xml, respectively.

-- 
"Have you lived here all your life?"
"Oh, twice that long."
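
The check described in the message above (patch level reported by the kernel versus the one recorded in newvers.sh), as an added example that is not part of the original message or of FreeBSD itself. The function names are hypothetical, and the newvers.sh path and its `REVISION="..."` / `BRANCH="..."` layout are assumptions about an 8.x source tree; the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes newvers.sh carries
# REVISION="8.2" and BRANCH="RELEASE-p6" style assignments.

# Print N from a release string such as "8.2-RELEASE-p3" (0 if no -pN).
patch_level() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *)         printf '0\n' ;;
    esac
}

# Print "REVISION-BRANCH" (e.g. "8.2-RELEASE-p6") from a newvers.sh-style file.
newvers_release() {
    rev=$(sed -n 's/^REVISION="\([^"]*\)".*/\1/p' "$1" | head -n 1)
    branch=$(sed -n 's/^BRANCH="\([^"]*\)".*/\1/p' "$1" | head -n 1)
    printf '%s-%s\n' "$rev" "$branch"
}

# Compare kernel release ($1) with source-tree release ($2). Prints:
#   match             same release and patch level
#   kernel-behind     kernel reports a lower -pN; expected when the later
#                     patches did not touch the kernel, otherwise the kernel
#                     was not rebuilt/updated or the host not rebooted
#   kernel-ahead      kernel newer than the source tree
#   different-release base releases differ, patch levels not comparable
compare_patch_levels() {
    if [ "${1%-p[0-9]*}" != "${2%-p[0-9]*}" ]; then
        echo different-release
        return 0
    fi
    k=$(patch_level "$1")
    s=$(patch_level "$2")
    if [ "$k" -eq "$s" ]; then echo match
    elif [ "$k" -lt "$s" ]; then echo kernel-behind
    else echo kernel-ahead
    fi
}

# Constructed sample mirroring the thread; on a live system use
# "$(uname -r)" and (assumed path) /usr/src/sys/conf/newvers.sh instead.
sample=$(mktemp /tmp/newvers.XXXXXX)
printf 'TYPE="FreeBSD"\nREVISION="8.2"\nBRANCH="RELEASE-p6"\n' > "$sample"
kernel="8.2-RELEASE-p3"
src=$(newvers_release "$sample")
echo "kernel=$kernel source=$src: $(compare_patch_levels "$kernel" "$src")"
rm -f "$sample"
```

A `kernel-behind` result is only a prompt to read the advisories issued between the two patch levels and confirm that none of them changed the kernel.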