Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath

From: Colin Percival (colin.percival_at_wadham.ox.ac.uk)
Date: 08/05/03

  • Next message: Jacques A. Vidrine: "Re: IMPORTANT FOR lukemftpd USERS (was Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath)"
    Date: Mon, 04 Aug 2003 16:01:34 -0700
    To: freebsd-security@freebsd.org
    
    

    At 00:54 04/08/2003 -0700, I wrote:
    > Once the binary updates are available, FreeBSD Update
    >(security/freebsd-update in the ports tree) will be able to fetch and
    >install them; I'll send another email to this list after they've been
    >built, signed, and uploaded.

       Binary patches can now be installed via FreeBSD Update for any systems
    with a binary install of 4.7-RELEASE or 4.8-RELEASE which have not had any
    system binaries rebuilt or replaced locally (except by FreeBSD Update).
       With a recent copy of the ports tree:
    1. cd /usr/ports/security/freebsd-update/ && make all install
    2. cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf
    3. /usr/local/sbin/freebsd-update fetch
    4. /usr/local/sbin/freebsd-update install

       In FreeBSD 4.7, the following binaries were affected by this security
    advisory:
    /bin/mv
    /bin/pwd
    /bin/realpath
    /sbin/kldconfig
    /sbin/mount
    /sbin/mount_cd9660
    /sbin/mount_ext2fs
    /sbin/mount_fdesc
    /sbin/mount_kernfs
    /sbin/mount_linprocfs
    /sbin/mount_mfs
    /sbin/mount_msdos
    /sbin/mount_nfs
    /sbin/mount_ntfs
    /sbin/mount_null
    /sbin/mount_nwfs
    /sbin/mount_portal
    /sbin/mount_procfs
    /sbin/mount_smbfs
    /sbin/mount_std
    /sbin/mount_umap
    /sbin/mount_union
    /sbin/mountd
    /sbin/newfs
    /sbin/umount
    /usr/bin/make
    /usr/lib/libc.a
    /usr/lib/libc.so.4
    /usr/lib/libc_p.a
    /usr/lib/libc_pic.a
    /usr/lib/libc_r.a
    /usr/lib/libc_r.so.4
    /usr/lib/libc_r_p.a
    /usr/libexec/lukemftpd
    /usr/libexec/sftp-server
    /usr/sbin/config
    /usr/sbin/pkg_add
    /usr/sbin/sshd

       In FreeBSD 4.8, the same binaries were affected, with the exception of
    /sbin/mount_kernfs (no longer installed), /usr/bin/make (no longer uses
    realpath), and /usr/libexec/lukemftpd (no longer installed).

    Colin Percival


