From owner-freebsd-security@FreeBSD.ORG Sat May 31 02:40:58 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB6A537B401 for ; Sat, 31 May 2003 02:40:58 -0700 (PDT) Received: from mta01-svc.ntlworld.com (mta01-svc.ntlworld.com [62.253.162.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id CBD1343F93 for ; Sat, 31 May 2003 02:40:57 -0700 (PDT) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from piii600.wadham.ox.ac.uk ([81.103.196.4]) by mta01-svc.ntlworld.comESMTP <20030531094056.ZAUV2283.mta01-svc.ntlworld.com@piii600.wadham.ox.ac.uk> for ; Sat, 31 May 2003 10:40:56 +0100 Message-Id: <5.0.2.1.1.20030531095329.047965e0@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Sat, 31 May 2003 10:39:43 +0100 To: freebsd-security@freebsd.org From: Colin Percival Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Advisory: security/freebsd-update port X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 31 May 2003 09:40:59 -0000 Topic: Potential failure to update vulnerable files Synopsis: FreeBSD Update is a system for tracking FreeBSD release (aka security) branches via signed binary updates. At present, updates are being built for FreeBSD 4.7-RELEASE and 4.8-RELEASE. As a result of differences between the ISO image and FTP distributions of 4.7-RELEASE, FreeBSD Update may have failed to recognize certain files as needing replacement. Based on server logs, I believe up to 20 people may have been affected by this. Impact: Some security patches might have not been applied, potentially leaving a system open to attack. Fix: Run FreeBSD Update again; it will fetch the latest update index, which corrects this issue. Colin Percival