From owner-freebsd-security@FreeBSD.ORG Mon Mar 28 21:40:15 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D417B16A4CE; Mon, 28 Mar 2005 21:40:15 +0000 (GMT) Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id C5E6343D46; Mon, 28 Mar 2005 21:40:14 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 57F521210B; Mon, 28 Mar 2005 23:40:13 +0200 (CEST) Date: Mon, 28 Mar 2005 23:40:12 +0200 From: "Simon L. Nielsen" To: Will Yardley Message-ID: <20050328214011.GB7306@zaphod.nitro.dk> References: <20050328212408.GC12478@mitch.veggiechinese.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="kORqDWCi7qDJ0mEj" Content-Disposition: inline In-Reply-To: <20050328212408.GC12478@mitch.veggiechinese.net> User-Agent: Mutt/1.5.9i cc: "Jacques A. Vidrine" cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:01.telnet X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2005 21:40:16 -0000 --kORqDWCi7qDJ0mEj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2005.03.28 13:24:08 -0800, Will Yardley wrote: > On Mon, Mar 28, 2005 at 07:52:14PM +0000, FreeBSD Security Advisories wro= te: >=20 > [ Not sure else where to follow up to - I don't want to bug the security > team directly about this, so just writing the list for now ] In general it's fine to bug the security team directly of stuff like this, but we also do read freebsd-security@ :-). > > b) Execute the following commands as root: > >=20 > > # cd /usr/src > > # patch < /path/to/patch >=20 > On my home machine (5.3-RELEASE) this failed - I had to go to=20 > /usr/src/contrib/telnet/telnet for the patch to apply. Indeed, looks like the FreeBSD 5 patch is an "old" version since that should have been fixed. I just CC'ed nectar so this can be fixed ASAP. > > c) Rebuild the operating system as described in > > . >=20 > Just curious... why is it necessary to rebuild the whole operating > system? Normally, the security advisories just have you rebuild the > program in question - wouldn't that have sufficed here? Due to multiple telnet versions (especially in FreeBSD 4) it was judged that including more specific build instructions for all the possible combinations of telnet and build options gave to high a risk for errors possibly resulting in users not actually getting telnet rebuild correctly. --=20 Simon L. Nielsen --kORqDWCi7qDJ0mEj Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCSHm7h9pcDSc1mlERAjJgAJsHrM3QMs1DLJ0HE32DEM9RBqX0/QCfc6ns xMi2Hyv9ygzFzSZCSzdseZU= =9ykX -----END PGP SIGNATURE----- --kORqDWCi7qDJ0mEj--