From owner-freebsd-security Thu May 9 9:38:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4]) by hub.freebsd.org (Postfix) with ESMTP id 2DFCE37B400 for ; Thu, 9 May 2002 09:38:08 -0700 (PDT) Received: from daleco [12.145.226.171] by mail.gbronline.com (SMTPD32-7.06) id A5A23E1A0206; Thu, 09 May 2002 11:36:50 -0500 Message-ID: <00c101c1f777$ce855ce0$abe2910c@daleco> From: "Kevin Kinsey, DaleCo, S.P." To: Cc: References: <3CD8558E.2FA68C36@lumeta.com> <064601c1f68f$ae8e4480$c28c630a@bb.ubp.sk> <200205091628.g49GSGKG041778@intruder.bmah.org> Subject: Re: FreeBSD-SA-02:08 Date: Thu, 9 May 2002 11:37:26 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Bruce A. Mah" To: "[brano]" Cc: Sent: Thursday, May 09, 2002 11:28 AM Subject: Re: FreeBSD-SA-02:08 > If memory serves me right, "[brano]" wrote: > > > I have FreeBSD 4.5-RELEASE and i compile my own kernel. I need to apply > > patch FreeBSD-SA-02:08 ? > > I'm look at file src/sys/conf/newvers.sh which have: > > # $FreeBSD: src/sys/conf/newvers.sh,v 1.44.2.20.2.1 2002/01/28 06:42:16 > > murray Exp $ > > and in patch file is write 1.44.2.17.2.5 Revision > > then I need apply this patch ? > > No need. > > If you look in the release notes that come with FreeBSD 4.5-RELEASE, > you'll see that it already includes the fix for FreeBSD-SA-02:08. > > Good luck, > > Bruce. > However, there have been about 6 core issues since 4.5 Release. Look at SA-02:13, SA-02:18, SA-02:20-23.... A number of folks have mentioned possible successful attacks via the stdio exploit. Kevin Kinsey To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message