Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath
From: Peter Jeremy (PeterJeremy_at_optushome.com.au)
Date: 08/04/03
- Previous message: Colin Percival: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
- In reply to: FreeBSD Security Advisories: "FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
- Next in thread: Jacques A. Vidrine: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
- Reply: Jacques A. Vidrine: "Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath"
Date: Mon, 4 Aug 2003 20:11:30 +1000
To: FreeBSD Security <FreeBSD-Security@freebsd.org>

On Sun, Aug 03, 2003 at 05:04:31PM -0700, FreeBSD Security Advisories wrote:
>Affects: All releases of FreeBSD up to and including 4.8-RELEASE
> and 5.0-RELEASE
> FreeBSD 4-STABLE prior to May 22 17:11:44 2003 UTC
...
>V. Solution
>
>1) Upgrade your vulnerable system to 4.8-STABLE
>or to any of the RELENG_5_1 (5.1-RELEASE), RELENG_4_8
>(4.8-RELEASE-p1), or RELENG_4_7 (4.7-RELEASE-p11) security branches
>dated after the respective correction dates.

I found the reference to RELENG_5_1 in the "Solutions" section but no
reference to 5.1-RELEASE in the "Affects" section somewhat confusing.
This is compounded by the failure to mention RELENG_5_0 in the
"Solutions" section. I gather that 5.1-RELEASE is not vulnerable due
to the realpath() rewrite in 1.14.

May I suggest that in future, when a release is not vulnerable due to
code rewrites or similar, this fact be explicitly mentioned. IMHO,
it's far better to err on the side of caution when dealing with
security issues.

Peter