V uname -a chyba udaj o aplikovani zaplat

Dan Lukes dan at obluda.cz
Wed Feb 4 10:52:10 CET 2009


Gabriel napsal/wrote, On 02/04/09 10:39:
>>> Proste aplikoval patche LEN na bind
>>
>> Pomoci csup ? To tezko ...

> csup zupdatuje cely src tree. Lenze nepotrebujes robit make buildworld, 
> make buildkernel a potom install oboch, pokial je SA iba na bind.
> 
> Staci (podla navodu v SA):
> # cd /usr/src/lib/bind
> # make obj && make depend && make && make install
> # cd /usr/src/usr.sbin/named
> # make obj && make depend && make && make install
> 
> 
> To DEFINITIVNE nezmeni vypis uname.

Jenze to je prave ono - zadny takovyhle postup v SA popsany neni. Ten ti 
dava dve moznosti:

  ----------------------
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
dated after the correction date.

2) To patch your present system:

...
a) Download
...
b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
...
  ----------------------

Prvni je "upgrade" - to jest - cvsup a rekompilace celeho systemu. To 
patchlevel meni.

Druhy je aplikovat specificke patche a prelozit pouze dotcene adresare. 
Ten patchlevel nemeni.

Tazatel pouzil cvsup, ale patchlevel se mu nezmenila - to znamena, ze 
udelal neco jinak nez jak to udelano (podle SA) byt melo.

Co vlastne presne udelal a jestli tedy patch aplikovany ma nebo nema, to 
nevime.

Ale to uz jsme to probirali - myslim, ze ta veta byla "muzeme doufat, ze 
patch aplikovany ma".

Coz se mi na otazku, ktera patrala po tom, jestli se mu ho aplikovat 
podarilo nezda byt optimalni odpovedi, ale lepsi dohromady asi nedame.

							Dan



More information about the Users-l mailing list