Date: Tue, 01 Dec 2009 12:53:47 +0100
From: Jan Muenther <jan.muenther@nruns.com>
To: Alex Huth <a.huth@tmr.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Upcoming FreeBSD Security Advisory
Message-ID: <4B1503CB.3080405@nruns.com>
In-Reply-To: <20091201114845.359731A828F@mailv.nruns.com>
References: <200912010120.nB11Kjm9087476@freefall.freebsd.org> <ov3Jq1IJ/c8KAXGQ501G8Os9xr8@Ll2tHa60cb%2BhiG8R4R8/VS21128> <20091201114845.359731A828F@mailv.nruns.com>

Hi,

> I am new to patching systems, so forgive "stupid" questions. We have some 6.1
> systems. Are or will there be a patch for them or are they not involved in
> this problem?
>
> I am new to patching systems, so forgive me any stupid questions. We have some
> 6.1 and 6.3 systems. Are or will there be patches for them or are they not
> involved in this problem?
>
> How do I apply such a patch? With freebsd-update? As far as I know is this
> tool only for systems >= 6.3 or?
>

Patches are patches for the source code, so you'll have to apply them with the patch(1) program and then re-compile. I'd be greatly surprised if the affected code looked different in 6.x.

The bug itself is fairly interesting actually, if only for the reason that it displays what can happen if you don't check return values - other prime examples of this causing security issues that I can think of off the top of my head are Windows impersonation bugs.

stealth wrote this up:
http://xorl.wordpress.com/2009/12/01/freebsd-ld_preload-security-bypass/

Maybe that sheds some light.

Cheers, Jan
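
The point about unchecked return values, shown as an added example that is not part of the original message and is not FreeBSD's code: an environment scrub that ignores the result of the unset call next to one that fails closed. The function names, the variable list and the failing stand-in are hypothetical, and the LD_PRELOAD value is constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names; the variable list is illustrative only. */
typedef int (*unset_fn)(const char *);
static const char *const unsafe_vars[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", NULL };

/* The pattern the message warns about: result ignored, always "succeeds". */
int scrub_env_unchecked(unset_fn unset)
{
    for (size_t i = 0; unsafe_vars[i] != NULL; i++)
        (void)unset(unsafe_vars[i]);
    return 0;
}

/* Fail closed: 0 only if every variable was removed and is verifiably gone. */
int scrub_env_checked(unset_fn unset)
{
    for (size_t i = 0; unsafe_vars[i] != NULL; i++) {
        if (unset(unsafe_vars[i]) != 0)
            return -1;                 /* the call itself reported failure */
        if (getenv(unsafe_vars[i]) != NULL)
            return -1;                 /* still visible after "success" */
    }
    return 0;
}

/* Constructed stand-in for an unsetenv() call that reports failure. */
int failing_unset(const char *name) { (void)name; return -1; }

int main(void)
{
    /* Constructed value; nothing is executed with it. */
    setenv("LD_PRELOAD", "/nonexistent/constructed.so", 1);
    printf("unchecked, failing unset: rc=%d, LD_PRELOAD still set=%d\n",
           scrub_env_unchecked(failing_unset), getenv("LD_PRELOAD") != NULL);
    printf("checked, failing unset:   rc=%d\n", scrub_env_checked(failing_unset));
    printf("checked, real unsetenv:   rc=%d\n", scrub_env_checked(unsetenv));
    return 0;
}
```

A privileged caller would abort on a non-zero result instead of continuing with the variable still in place.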