From owner-freebsd-questions  Tue Aug 14  0:28:21 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id CFBD437B410
	for <freebsd-questions@FreeBSD.ORG>; Tue, 14 Aug 2001 00:28:16 -0700 (PDT)
	(envelope-from ryan@sasknow.com)
Received: from localhost (ryan@localhost)
	by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id BAA27271;
	Tue, 14 Aug 2001 01:28:15 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Tue, 14 Aug 2001 01:28:15 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: William Nunn <yorkie123@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Remotely Exploitable telnetd bug
In-Reply-To: <OE20Sx9x7BEH3PaydnL0000c0db@hotmail.com>
Message-ID: <Pine.BSF.4.21.0108140120340.24670-100000@ren.sasknow.com>
Organization: SaskNow Technologies [www.sasknow.com]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

William Nunn wrote to freebsd-questions@FreeBSD.ORG:

> I'm planning on buying freebsd, but I saw the news about the bug on
> the site. As of today Aug 14th, If I buy a new jewel case or boxed
> distribution, will it include that security flaw. I know there is a
> patch for it, but I'm interested to know if i'm spared of it.

As Kris has already pointed out, the current (4.3-RELEASE) CDs still
contain the vulnerability. In your shoes, you have three options to squash
the bug:

1) Wait for the new CDs to ship (a small ways away yet)
2) Get the current 4.3-RELEASE CDs, and install FreeBSD. Then
   patch your system with the posted fixes.
3) Get 4.3 (on CD, downloaded, etc), and use cvsup to bring
   your system to the latest -STABLE version (which, right now,
   I think, is a 4.4 prerealease, meaning the latest stability
   and security issues are already in place).

If it were me, I'd go with door #3, but, then again, if you are relatively
new to FreeBSD (and especially if you are new to UNIX in general), you
might find the steps to upgrading with cvsup more complex than you'd like.
#1 is the easiest, but involves a delay. #2 is relatively easy if you
follow the instructions, but not all bugfixes or enhancements are
available as patches.


> regards,
> 
> William
> 

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message