From owner-freebsd-security@FreeBSD.ORG Fri Jan 30 08:25:13 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D381016A4CE for ; Fri, 30 Jan 2004 08:25:13 -0800 (PST) Received: from tx1.oucs.ox.ac.uk (tx1.oucs.ox.ac.uk [129.67.1.167]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1757043D7C for ; Fri, 30 Jan 2004 08:24:25 -0800 (PST) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from scan1.oucs.ox.ac.uk ([129.67.1.166] helo=localhost) by tx1.oucs.ox.ac.uk with esmtp (Exim 4.24) id 1AmbPF-0002R5-GS for security@freebsd.org; Fri, 30 Jan 2004 16:22:09 +0000 Received: from rx1.oucs.ox.ac.uk ([129.67.1.165]) by localhost (scan1.oucs.ox.ac.uk [129.67.1.166]) (amavisd-new, port 25) with ESMTP id 09152-07 for ; Fri, 30 Jan 2004 16:22:08 +0000 (GMT) Received: from gateway.wadham.ox.ac.uk ([163.1.161.253]) by rx1.oucs.ox.ac.uk with smtp (Exim 4.24) id 1AmbPE-0002Qv-6B for security@freebsd.org; Fri, 30 Jan 2004 16:22:08 +0000 Received: (qmail 15749 invoked by uid 0); 30 Jan 2004 16:22:08 -0000 Received: from colin.percival@wadham.ox.ac.uk by gateway by uid 71 with qmail-scanner-1.16 (sweep: 2.14/3.71. spamassassin: 2.53. Clear:. Processed in 2.423326 secs); 30 Jan 2004 16:22:08 -0000 X-Qmail-Scanner-Mail-From: colin.percival@wadham.ox.ac.uk via gateway X-Qmail-Scanner: 1.16 (Clear:. Processed in 2.423326 secs) Received: from dhcp1131.wadham.ox.ac.uk (HELO piii600.wadham.ox.ac.uk) (163.1.161.131) by gateway.wadham.ox.ac.uk with SMTP; 30 Jan 2004 16:22:06 -0000 Message-Id: <6.0.1.1.1.20040130161508.03e79768@imap.sfu.ca> X-Sender: cperciva@imap.sfu.ca (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 6.0.1.1 Date: Fri, 30 Jan 2004 16:21:11 +0000 To: security@freebsd.org From: Colin Percival In-Reply-To: <200401301607.i0UG7CIl082205@freefall.freebsd.org> References: <200401301607.i0UG7CIl082205@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:01.mksnap_ffs X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jan 2004 16:25:14 -0000 At 16:07 30/01/2004, FreeBSD Security Advisories wrote: >============================================================================= >FreeBSD-SA-04:01.mksnap_ffs Security Advisory > >V. Solution >Do one of the following: > >1) Upgrade your vulnerable system to the RELENG_5_1 or RELENG_5_2 >security branch dated after the correction date. > >2) To patch your present system [...] As usual, there is a third option here: I'm building binary security updates and distributing them via the FreeBSD Update port (security/freebsd-update in the ports tree). For systems running an official RELEASE plus security patches, this provides an easier update method than building from source. To use these updates: 1) Install FreeBSD Update and copy the sample configuration file into place: # cd /usr/ports/security/freebsd-update && make install clean # cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf 2) Fetch and install updates: # /usr/local/sbin/freebsd-update fetch # /usr/local/sbin/freebsd-update install For more details see http://www.daemonology.net/freebsd-update/ . Note that this is something I'm providing personally; it is in no way endorsed by the Security Officer or the Project as a whole. Colin Percival