Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Chuck Swiger (cswigermac.com)
Date: Thu Dec 03 2009 - 12:15:14 CST
On Dec 3, 2009, at 3:05 AM, Andrea Venturoli wrote:
> Sorry, this might seem a stupid question, but...
> In several places I read that FreeBSD 6.x is NOT affected; however, I heard some people discussing how to apply the patch to such systems. So, I'd like to know for sure: is 6.x affected? Is another patch on the way for it?
Well, I've tested the exploit and FreeBSD 6.4-STABLE was not vulnerable. Starting with 7.x, rtld was significantly re-written from the prior version, and that re-write included the security vulnerability.
The discussion you mention presumably involves checking out the patched version of rtld sources from 7.x or 8 and building+installing that under 6.x. Given that 6.x rtld is the older one with a longer history of security review and doesn't have the current known vulnerability, whereas the new version just got patched and might have other issues lurking, I am happy sticking with 6.x version on my 6.x boxes.
freebsd-securityfreebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"