Hi-- On Dec 3, 2009, at 3:05 AM, Andrea Venturoli wrote: > Sorry, this might seem a stupid question, but... > In several places I read that FreeBSD 6.x is NOT affected; however, I heard > some people discussing how to apply the patch to such systems. So, I'd like > to know for sure: is 6.x affected? Is another patch on the way for it?
Well, I've tested the exploit and FreeBSD 6.4-STABLE was not vulnerable. Starting with 7.x, rtld was significantly re-written from the prior version, and that re-write included the security vulnerability. The discussion you mention presumably involves checking out the patched version of rtld sources from 7.x or 8 and building+installing that under 6.x. Given that 6.x rtld is the older one with a longer history of security review and doesn't have the current known vulnerability, whereas the new version just got patched and might have other issues lurking, I am happy sticking with 6.x version on my 6.x boxes. Regards, -- -Chuck _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"