Date: Fri, 23 Jun 2017 08:29:30 +1000
From: Peter Jeremy <peter@rulingia.com>
To: Michelle Sullivan <michelle@sorbs.net>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: The Stack Clash vulnerability
Message-ID: <20170622222930.GA36405@server.rulingia.com>
In-Reply-To: <187b2241-510e-20f8-50c6-16b318e22e89@sorbs.net>
References: <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com> <CAPyFy2CicxYBZpyy-pHS%2BQ=wTvwhpqi0fOKahEBDqiVe5h084A@mail.gmail.com> <CAPyFy2C4-hKG=hh0=th%2BRDwBzmMUqMqdg4YYZ76WxGS-JLnLBA@mail.gmail.com> <a1c45d20-78f9-e7d7-2f3e-d18c1723c5d5@sorbs.net> <0F042A4B-CB52-47EB-A191-D7617E51789A@FreeBSD.org> <187b2241-510e-20f8-50c6-16b318e22e89@sorbs.net>
On 2017-Jun-22 13:14:33 +0200, Michelle Sullivan <michelle@sorbs.net> wrote:
>I know, but with potentially serious issues even M$ issue patches for
>older release...

To my knowledge, Microsoft has issued a patch on one occasion for an
especially critical vulnerability on an unsupported release. I've seen
no indication that the Stack Clash vulnerability can be compared in
severity to WannaCry.

>hardware.... I have 9.x servers that 10.x/11.x and even 12.x are
>unbootable (and given the nature of the hardware I expect people to say
>'too old, you should replace the hardware' - not my call, and currently
>not possible.)

FreeBSD is a volunteer project. Supporting old releases requires effort
that increases as the release gets older. The Project as a whole has
published a support policy that is intended to strike a balance between
requiring customers to upgrade (we realise that upgrading incurs a cost)
and spending volunteer effort on maintaining old releases.

Note that I am referring to _free_ support here. Unlike Microsoft,
FreeBSD is open source. If the level of free support provided by the
Project is insufficient for your needs, you always have the option of
paying someone to provide whatever level of support you want.

With respect to your 9.x servers, no-one is saying you must replace the
hardware, just that the FreeBSD Project will not continue to provide you
with free support whilst you choose to run 9.x on them. Note that 10.0
was released in January 2014, so you have had 3½ years to resolve the
problem that your servers aren't compatible with 10.x.

>Not asking for new versions or new releases.. just patches applied for
>previous -STABLE trees....

As has been stated, the FreeBSD project will patch the supported -STABLE
trees.
--
Peter Jeremy