On Apr 5, 2005 5:26 PM, Kevin Kinsey <[EMAIL PROTECTED]> wrote: > John Hall wrote: > > >We currently have 5.4-PRERELEASE installed on our web box: > > > >outpost# uname -a > >FreeBSD outpost.blacklotus.net 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #0: Wed > >Mar 30 13:38:38 MST 2005 > >[EMAIL PROTECTED]:/usr/obj/usr/src/sys/OUTPOST i386 > > > >I need to know if we need to update the server to 5.4-RELEASE with this > >version of 5.4 in order to protect against the sendfile kernel memory > >problem in the security notice at: > > > >ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile. > >asc > > > >Thanks! > > > >John Hall [EMAIL PROTECTED] > >Manager of Operations > >Black Lotus Communications > >[http://www.blacklotus.net] > > > > > > I don't think it's possible to update to 5.4-RELEASE, as it > doesn't exist yet AFAICT from the web site. I've not checked > the CVS repo or mirrors, so I guess it's possible that it has > been tagged in the last couple of days, though.
Yes it's on the CVSs repositories now.... > > Updating to any codebase from today or following the > patch method outlined in the announcement should > make you safe from this vulnerability. > > See the Handbook chapter on "the Cutting Edge". > The RELEASE tag you'd want would be "RELENG_5", > I expect. > > Whoops, OK: now I see that apparently 5.4 has > been tagged. As mentioned in the advisory, you > can either patch your system and recompile the > kernel or update to one of seven different code > paths to get the new code. If you server was built > just a week ago, then 5.4-RELEASE sounds great > for this purpose, and the only viable choices for you > are RELENG_5, RELENG_5_4, or RELENG_5_3. > However, the recommended procedure for the > entire world reinstall includes some time (not > much, probably) spent in single-user mode, so if this > is a busy box that needs 99.99 percent uptime, maybe > the kernel rebuild would be better, as a simple reboot > on the new kernel would be the only thing required.... > I'm sure that this statement might be open to debate.... > > Kevin Kinsey > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > -- Pietro Cerutti <[EMAIL PROTECTED]> <http://www.gahr.ch/pgp-key> Beansidhe - SwiSS Death / Thrash Metal <www.beansidhe.ch> Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming or what?" _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
