Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv

From: H. Wade Minter (minter@lunenburg.org)
Date: 06/26/02


Date: Wed, 26 Jun 2002 15:26:34 -0400 (EDT)
From: "H. Wade Minter" <minter@lunenburg.org>
To: freebsd-security@freebsd.org

On Wed, 26 Jun 2002, FreeBSD Security Advisories wrote:

> =============================================================================
> FreeBSD-SA-02:28.resolv Security Advisory
> The FreeBSD Project
>
> Topic: buffer overflow in resolver
>
> Category: core
> Module: libc

[snip]

> Do one of the following:
>
> 1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6
> or RELENG_4_5 security branch dated after the correction date
> (4.6-RELEASE-p1 or 4.5-RELEASE-p7).
>
> 2) To patch your present system:
>
> The following patch has been verified to apply to FreeBSD 4.5 and
> FreeBSD 4.6 systems.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch

So am I correct in assuming that this fix requires a complete system
rebuild (make buildworld) as opposed to just rebuilding a particular
module?

--Wade

-- 
'I say to you that the VCR is to the American film producer and the American
public as the Boston strangler is to the woman home alone.'
      Jack Valenti on VCRs, 1982
'It's getting clear -- alarmingly clear, I might add -- that we are in the
midst of the possibility of Armageddon.'
      Jack Valenti on the Internet, 2002
http://www.digitalconsumer.org/
http://digitalspeech.org/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message