Date: Wed, 26 Jun 2002 12:23:18 -0600
From: Brett Glass <brett@lariat.org>
To: Andrew Kenneth Milton <akm@theinternet.com.au>
Cc: Bosko Milekic <bmilekic@unixdaemons.com>, freebsd-security@FreeBSD.ORG
Subject: Re: Users of FreeBSD releases should upgrade OpenSSH too (Was: The "race" that Theo sought to avoid...)
Message-ID: <4.3.2.7.2.20020626121804.022dc1b0@localhost>
In-Reply-To: <20020627041540.U89115@zeus.theinternet.com.au>
References: <4.3.2.7.2.20020626115517.022108b0@localhost>
 <4.3.2.7.2.20020626101626.02274c80@localhost>
 <200206261452.AAA26617@caligula.anu.edu.au>
 <5.1.0.14.0.20020626103651.048ec778@marble.sentex.ca>
 <5.1.0.14.0.20020626110043.0522ded8@marble.sentex.ca>
 <4.3.2.7.2.20020626101626.02274c80@localhost>
 <20020626132416.A42340@unixdaemons.com>
 <4.3.2.7.2.20020626115517.022108b0@localhost>

At 12:15 PM 6/26/2002, Andrew Kenneth Milton wrote:

>Au contraire. An upgrade to 3.4 is mandatory iff a security advisory is
>released by the freebsd-security team indicating it is.

The FreeBSD security team does not have an exclusive monopoly on good advice. And while it has done some good things, it has also failed to do many things that are necessary for good security. For example, it has not ensured that binary packages are updated when the corresponding ports are changed to correct security flaws. This leaves the many people who do network installs vulnerable to old security flaws when they install binary packages (as they're encouraged to do by the FreeBSD installer).

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message