On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne wrote:
>question: if i choose Patch Solution 1 from 
>http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc, do i 
>need to build a new kernel to go with this, or can i just build the world and 
>be done with it?

The phrase "Upgrade your vulnerable system" implies performing the full
upgrade as per handbook, which means kernel and world. 

I would never recommend rebuilding world without kernel, even it appears
to be without risk, for three extremely good reasons:

        o the handbook says not to, and explains why

        o so that you will never fall into the habit of just building world
        and get caught out one day when it bites you

        o so that the correct version of your system will be reflected in
        the output of 'uname -a' eg: 5.3-RELEASE-p32 and hence you will
        be able to track the patchlevel of your system

That said, I wouldn't discourage you from patching sendmail immediately
to correct the vulnerability as per procedure 2) if time is critical but
I would certainly encourage following through with a system update as per
1) as soon as possible.

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to