Wednesday, November 24, 2004

Using FreeBSD Update to Patch FreeBSD

When the FreeBSD Security team released an advisory for fetch(1), I knew I could turn to Colin Percival's FreeBSD Update for binary security upgrades.

Installation is simple. Here's how to install via package:

pkg_add -vr freebsd-update
mkdir /usr/local/freebsd-update
cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf

Here is how FreeBSD Update patched the fetch(1) vulnerability:

orr:/root# freebsd-update fetch
Fetching public key...
Fetching updates signature...
Fetching updates...
Fetching hash list signature...
Fetching hash list...
Examining local system...
Fetching updates...
/usr/bin/fetch...
Updates fetched

To install these updates, run: '/usr/local/sbin/freebsd-update install'
orr:/root# freebsd-update install
Backing up /usr/bin/fetch...
Installing new /usr/bin/fetch...


That's it. I didn't need to CVSup to STABLE or manually patch the fetch(1) binary. FreeBSD Update handled it, and with the change being to userland, no reboot is necessary.
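The "Examining local system..." step in the output above amounts to comparing local files against the fetched hash list. The sketch below is an added example, not FreeBSD Update's own code: the `path|sha256` list format and the names `file_sha256`, `stale_files` and `demo` are assumptions made for illustration, and the signature check on the list is left out.

```sh
#!/bin/sh
# Added illustration: not FreeBSD Update's code or its real hash-list format.

# Print the SHA-256 of a file using whichever tool the system has.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system
    else
        sha256sum "$1" | cut -d' ' -f1      # GNU coreutils
    fi
}

# Read "path|expected_sha256" lines (constructed format) from the file $1
# and print every path whose local copy is missing or hashes differently.
stale_files() {
    while IFS='|' read -r path expected; do
        [ -n "$path" ] || continue
        if [ ! -f "$path" ]; then
            echo "$path"
        elif [ "$(file_sha256 "$path")" != "$expected" ]; then
            echo "$path"
        fi
    done < "$1"
}

# Constructed demo in a scratch directory: the list describes the patched
# state of two files, then one file is reverted to simulate an unpatched host.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'fixed build\n' > "$dir/fetch"
    printf 'unchanged\n'   > "$dir/ls"
    for f in fetch ls; do
        printf '%s|%s\n' "$dir/$f" "$(file_sha256 "$dir/$f")"
    done > "$dir/hashlist"
    printf 'old build\n' > "$dir/fetch"     # host still has the old binary
    stale_files "$dir/hashlist" | sed "s|^$dir/||"
    rm -rf "$dir"
}

demo   # prints: fetch
```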
