On Sat, May 21, 2005 at 01:29:11PM +0000, Robert S wrote:
> I've just started playing around with FreeBSD. One of my main
> priorities of an OS is ease of upgrading. If I run portaudit, I get a
> list of insecure packages (here is an excerpt from the output):
>
> Affected package: firefox-1.0.3,1
> Type of problem: mozilla -- code execution via javascript: IconURL
> vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/eca6195a-c233-11d9-804c-02061b08fc24.html>
>
> Affected package: kdelibs-3.4.0_1
> Type of problem: kdelibs -- kimgio input validation errors.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/06404241-b306-11d9-a788-0001020eed82.html>
>
> 4 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s) immediately.
> freebsd #
>
> If I try to replace kdelibs with a binary package, or install it
> through ports (after doing a cvsup), I still get version 3.4.0_1.
>
> Are fixes not necessarily made available when security vulnerabilities
> are found?

Not instantly, of course... and in some cases they are not fixed for a
long time. The third party software in the ports collection is
maintained to different standards depending on the project. If you
have questions, you should contact those third party developers.

> Also -- is there a similar utility to portaudit and freebsd-update,
> that can be used on the base operating system (not through ports)?

freebsd update works on the base system.

Kris
