<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>FreeBSD Security Advisories</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD Handbook" href="index.html" />
<link rel="UP" title="Security" href="security.html" />
<link rel="PREVIOUS" title="File System Access Control Lists" href="fs-acl.html" />
<link rel="NEXT" title="Mandatory Access Control" href="mac.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><th colspan="3" align="center">FreeBSD Handbook</th></tr>
<tr>
<td width="10%" align="left" valign="bottom"><a href="fs-acl.html" accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 14 Security</td>
<td width="10%" align="right" valign="bottom"><a href="mac.html" accesskey="N">Next</a></td>
</tr>
</table>
<hr align="LEFT" width="100%" />
</div>
<div class="SECT1">
<h1 class="SECT1"><a id="SECURITY-ADVISORIES" name="SECURITY-ADVISORIES">14.14 FreeBSD Security Advisories</a></h1>
<i class="AUTHORGROUP"><span class="CONTRIB">Contributed by</span> Tom Rhodes.</i>
<p>Like many production quality operating systems, FreeBSD publishes ``Security Advisories''. These advisories are usually mailed to the security lists and noted in the Errata only after the appropriate releases have been patched.
This section explains what an advisory is, how to read it, and what measures to take in order to patch a system.</p>
<div class="SECT2">
<h2 class="SECT2"><a id="AEN21814" name="AEN21814">14.14.1 What does an advisory look like?</a></h2>
<p>The FreeBSD security advisories look similar to the one below, taken from the <a href="http://lists.FreeBSD.org/mailman/listinfo/freebsd-security-notifications" target="_top">freebsd-security-notifications</a> mailing list.</p>
<pre class="PROGRAMLISTING">
=============================================================================
FreeBSD-SA-XX:XX.UTIL                                     Security Advisory
                                                          The FreeBSD Project

Topic:          denial of service due to some problem<a id="CO-TOPIC" name="CO-TOPIC"><img src="./imagelib/callouts/1.png" hspace="0" vspace="0" border="0" alt="(1)" /></a>
Category:       core<a id="CO-CATEGORY" name="CO-CATEGORY"><img src="./imagelib/callouts/2.png" hspace="0" vspace="0" border="0" alt="(2)" /></a>
Module:         sys<a id="CO-MODULE" name="CO-MODULE"><img src="./imagelib/callouts/3.png" hspace="0" vspace="0" border="0" alt="(3)" /></a>
Announced:      2003-09-23<a id="CO-ANNOUNCE" name="CO-ANNOUNCE"><img src="./imagelib/callouts/4.png" hspace="0" vspace="0" border="0" alt="(4)" /></a>
Credits:        Person@EMAIL-ADDRESS<a id="CO-CREDIT" name="CO-CREDIT"><img src="./imagelib/callouts/5.png" hspace="0" vspace="0" border="0" alt="(5)" /></a>
Affects:        All releases of FreeBSD<a id="CO-AFFECTS" name="CO-AFFECTS"><img src="./imagelib/callouts/6.png" hspace="0" vspace="0" border="0" alt="(6)" /></a>
                FreeBSD 4-STABLE prior to the correction date
Corrected:      2003-09-23 16:42:59 UTC (RELENG_4, 4.9-PRERELEASE)
                2003-09-23 20:08:42 UTC (RELENG_5_1, 5.1-RELEASE-p6)
                2003-09-23 20:07:06 UTC (RELENG_5_0, 5.0-RELEASE-p15)
                2003-09-23 16:44:58 UTC (RELENG_4_8, 4.8-RELEASE-p8)
                2003-09-23 16:47:34 UTC (RELENG_4_7, 4.7-RELEASE-p18)
                2003-09-23 16:49:46 UTC (RELENG_4_6, 4.6-RELEASE-p21)
                2003-09-23 16:51:24 UTC (RELENG_4_5, 4.5-RELEASE-p33)
                2003-09-23 16:52:45 UTC (RELENG_4_4, 4.4-RELEASE-p43)
                2003-09-23 16:54:39 UTC (RELENG_4_3, 4.3-RELEASE-p39)<a id="CO-CORRECTED" name="CO-CORRECTED"><img src="./imagelib/callouts/7.png" hspace="0" vspace="0" border="0" alt="(7)" /></a>
FreeBSD only:   NO<a id="CO-ONLY" name="CO-ONLY"><img src="./imagelib/callouts/8.png" hspace="0" vspace="0" border="0" alt="(8)" /></a>

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
http://www.FreeBSD.org/security/.

I.   Background<a id="CO-BACKROUND" name="CO-BACKROUND"><img src="./imagelib/callouts/9.png" hspace="0" vspace="0" border="0" alt="(9)" /></a>
II.  Problem Description<a id="CO-DESCRIPT" name="CO-DESCRIPT"><img src="./imagelib/callouts/10.png" hspace="0" vspace="0" border="0" alt="(10)" /></a>
III. Impact<a id="CO-IMPACT" name="CO-IMPACT"><b>(11)</b></a>
IV.  Workaround<a id="CO-WORKAROUND" name="CO-WORKAROUND"><b>(12)</b></a>
V.   Solution<a id="CO-SOLUTION" name="CO-SOLUTION"><b>(13)</b></a>
VI.  Correction details<a id="CO-DETAILS" name="CO-DETAILS"><b>(14)</b></a>
VII. References<a id="CO-REF" name="CO-REF"><b>(15)</b></a>
</pre>
<div class="CALLOUTLIST">
<dl compact="COMPACT">
<dt><a href="security-advisories.html#CO-TOPIC"><img src="./imagelib/callouts/1.png" hspace="0" vspace="0" border="0" alt="(1)" /></a></dt>
<dd>The <var class="LITERAL">Topic</var> field indicates exactly what the problem is.
It is basically an introduction to the current security advisory and notes the utility with the vulnerability.</dd>
<dt><a href="security-advisories.html#CO-CATEGORY"><img src="./imagelib/callouts/2.png" hspace="0" vspace="0" border="0" alt="(2)" /></a></dt>
<dd>The <var class="LITERAL">Category</var> refers to the affected part of the system which may be one of <var class="LITERAL">core</var>, <var class="LITERAL">contrib</var>, or <var class="LITERAL">ports</var>. The <var class="LITERAL">core</var> category means that the vulnerability affects a core component of the FreeBSD operating system. The <var class="LITERAL">contrib</var> category means that the vulnerability affects software contributed to the FreeBSD Project, such as <b class="APPLICATION">sendmail</b>. Finally, the <var class="LITERAL">ports</var> category indicates that the vulnerability affects add-on software available as part of the ports collection.</dd>
<dt><a href="security-advisories.html#CO-MODULE"><img src="./imagelib/callouts/3.png" hspace="0" vspace="0" border="0" alt="(3)" /></a></dt>
<dd>The <var class="LITERAL">Module</var> field refers to the component location, for instance <var class="LITERAL">sys</var>. In this example, we see that the module, <var class="LITERAL">sys</var>, is affected; therefore, this vulnerability affects a component used within the kernel.</dd>
<dt><a href="security-advisories.html#CO-ANNOUNCE"><img src="./imagelib/callouts/4.png" hspace="0" vspace="0" border="0" alt="(4)" /></a></dt>
<dd>The <var class="LITERAL">Announced</var> field reflects the date the security advisory was published, or announced to the world.
This means that the security team has verified that the problem does exist and that a patch has been committed to the FreeBSD source code repository.</dd>
<dt><a href="security-advisories.html#CO-CREDIT"><img src="./imagelib/callouts/5.png" hspace="0" vspace="0" border="0" alt="(5)" /></a></dt>
<dd>The <var class="LITERAL">Credits</var> field gives credit to the individual or organization who noticed the vulnerability and reported it.</dd>
<dt><a href="security-advisories.html#CO-AFFECTS"><img src="./imagelib/callouts/6.png" hspace="0" vspace="0" border="0" alt="(6)" /></a></dt>
<dd>The <var class="LITERAL">Affects</var> field explains which releases of FreeBSD are affected by this vulnerability. For the kernel, a quick look over the output from <tt class="COMMAND">ident</tt> on the affected files will help in determining the revision. For ports, the version number is listed after the port name in <tt class="FILENAME">/var/db/pkg</tt>. If the system does not sync with the FreeBSD <acronym class="ACRONYM">CVS</acronym> repository and rebuild daily, chances are that it is affected.</dd>
<dt><a href="security-advisories.html#CO-CORRECTED"><img src="./imagelib/callouts/7.png" hspace="0" vspace="0" border="0" alt="(7)" /></a></dt>
<dd>The <var class="LITERAL">Corrected</var> field indicates the date, time, time offset, and release that was corrected.</dd>
<dt><a href="security-advisories.html#CO-ONLY"><img src="./imagelib/callouts/8.png" hspace="0" vspace="0" border="0" alt="(8)" /></a></dt>
<dd>The <var class="LITERAL">FreeBSD only</var> field indicates whether this vulnerability affects just FreeBSD, or if it affects other operating systems as well.</dd>
<dt><a href="security-advisories.html#CO-BACKROUND"><img src="./imagelib/callouts/9.png" hspace="0" vspace="0" border="0" alt="(9)" /></a></dt>
<dd>The <var class="LITERAL">Background</var> field gives information on exactly what the affected utility is.
Most of the time this is why the utility exists in FreeBSD, what it is used for, and a bit of information on how the utility came to be.</dd>
<dt><a href="security-advisories.html#CO-DESCRIPT"><img src="./imagelib/callouts/10.png" hspace="0" vspace="0" border="0" alt="(10)" /></a></dt>
<dd>The <var class="LITERAL">Problem Description</var> field explains the security hole in depth. This can include information on flawed code, or even how the utility could be maliciously used to open a security hole.</dd>
<dt><a href="security-advisories.html#CO-IMPACT"><b>(11)</b></a></dt>
<dd>The <var class="LITERAL">Impact</var> field describes what type of impact the problem could have on a system. For example, this could be anything from a denial of service attack, to extra privileges available to users, or even giving the attacker superuser access.</dd>
<dt><a href="security-advisories.html#CO-WORKAROUND"><b>(12)</b></a></dt>
<dd>The <var class="LITERAL">Workaround</var> field offers a feasible workaround to system administrators who may be incapable of upgrading the system. This may be due to time constraints, network availability, or a slew of other reasons. Regardless, security should not be taken lightly, and an affected system should either be patched or the security hole workaround should be implemented.</dd>
<dt><a href="security-advisories.html#CO-SOLUTION"><b>(13)</b></a></dt>
<dd>The <var class="LITERAL">Solution</var> field offers instructions on patching the affected system. This is a step by step tested and verified method for getting a system patched and working securely.</dd>
<dt><a href="security-advisories.html#CO-DETAILS"><b>(14)</b></a></dt>
<dd>The <var class="LITERAL">Correction Details</var> field displays the <acronym class="ACRONYM">CVS</acronym> branch or release name with the periods changed to underscore characters.
It also shows the revision number of the affected files within each branch.</dd>
<dt><a href="security-advisories.html#CO-REF"><b>(15)</b></a></dt>
<dd>The <var class="LITERAL">References</var> field usually offers sources of other information. This can include web <acronym class="ACRONYM">URL</acronym>s, books, mailing lists, and newsgroups.</dd>
</dl>
</div>
</div>
</div>
<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="fs-acl.html" accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html" accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="mac.html" accesskey="N">Next</a></td>
</tr>
<tr>
<td width="33%" align="left" valign="top">File System Access Control Lists</td>
<td width="34%" align="center" valign="top"><a href="security.html" accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">Mandatory Access Control</td>
</tr>
</table>
</div>
<p align="center"><small>This, and other documents, can be downloaded from <a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/</a>.</small></p>
<p align="center"><small>For questions about FreeBSD, read the <a href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.<br />
For questions about this documentation, e-mail &#60;<a href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p>
</body>
</html>
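The header fields described above can be read mechanically. The following Python sketch is an added example, not part of the FreeBSD Handbook or of any FreeBSD Project tooling: it parses a header built from the template advisory on this page and compares a running release string with the Corrected entries. The function names are hypothetical, and the release string is assumed to have the form that `uname -r` reports (for example `5.1-RELEASE-p4`).

```python
import re

# Constructed sample: header lines taken from the template advisory above
# (Credits and some Corrected entries omitted for brevity).
ADVISORY = """\
FreeBSD-SA-XX:XX.UTIL                                     Security Advisory
Topic:          denial of service due to some problem
Category:       core
Module:         sys
Announced:      2003-09-23
Affects:        All releases of FreeBSD
                FreeBSD 4-STABLE prior to the correction date
Corrected:      2003-09-23 16:42:59 UTC (RELENG_4, 4.9-PRERELEASE)
                2003-09-23 20:08:42 UTC (RELENG_5_1, 5.1-RELEASE-p6)
                2003-09-23 16:44:58 UTC (RELENG_4_8, 4.8-RELEASE-p8)
FreeBSD only:   NO
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*):\s+(.*)$")
FIXED = re.compile(r"\(RELENG_\w+, (\d+\.\d+-RELEASE)-p(\d+)\)$")
RUNNING = re.compile(r"^(\d+\.\d+-RELEASE)(?:-p(\d+))?$")

def parse_header(text):
    """Return {field: [values]}; indented lines continue the previous field."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1)
            fields[current] = [m.group(2).strip()]
        elif current and line[:1].isspace() and line.strip():
            fields[current].append(line.strip())
    return fields

def corrected_levels(fields):
    """Map each security branch release to the first patch level with the fix."""
    hits = (FIXED.search(v) for v in fields.get("Corrected", []))
    return {m.group(1): int(m.group(2)) for m in hits if m}

def status(release, levels):
    """Classify a running release string (assumed `uname -r` form)."""
    m = RUNNING.match(release)
    if not m or m.group(1) not in levels:
        # -STABLE, -PRERELEASE or unlisted: compare the build date with the
        # Corrected timestamp instead of a patch level.
        return "unknown"
    return "patched" if int(m.group(2) or 0) >= levels[m.group(1)] else "vulnerable"
```

For a `core`/`sys` advisory like the sample, the kernel's release string is the relevant input; for a `ports` advisory the version recorded under `/var/db/pkg` is what has to be compared, as the Affects callout notes.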
