[EMAIL PROTECTED]@mgEDV.net wrote:

I can't answer you main question, but I would say that you can bet your shirt on the fact that there will be no known security issues in the older packages.

At least for openssl and openssh you can get latest versions through the ports. Not an option for everything -- I see no zlib for example and I don't believe there's a standard cvs port either.

as for zlib i definitely know, that there are 2 security flaws, which can
lead to problems when invalid compressed data is feeded.
If you believe that's the case then tell the security officer. My bet is that the version with FreeBSD 6 is patched, but you shouldn't take my word for it. http://www.freebsd.org/security/ You'll notice there that there were zlib patches to 5.X series before 6.0 had even been released. So those patches would already be in 6.0 and now 6.1, unless someone goofed badly.

my problem also is not the installation of ports/packages/custom compiles,
it's more that the operating system components itself are linked against
these older libraries an therefore will contain bugs, which may have been
already solved.
i definitely don't want to install openssl twice on the same host, as this
make's no sense for me. if the os operates with the old version, security
is at that level at all, regardless of one or another userland-daemon having
a newer version being linked to.
When you install openssh or openssl from the ports you can choose to *replace* the current FreeBSD libs etc. There are many threads that have dealt with this in the past.

However, I will say again, FreeBSD has a CVS security branch for a reason - because security bugs get fixed on it. The older versions may lack *features* but I myself am confident that they do not have known bugs.


freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to