FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver

Brett Glass brett at lariat.net
Mon Apr 29 22:31:52 UTC 2013


Please be advised that, when using freebsd-update(8) to install the patch for
this security problem, freebsd-update will move the current kernel to /boot/kernel.old,
and install a new GENERIC kernel in /boot/kernel, even if you have built a custom
kernel and created a copy of the GENERIC kernel in /boot/GENERIC. 

The kernel in /boot/GENERIC is NOT updated, nor are the modules in that directory
updated. What's more, if you did not build modules for your custom kernel, you
will not get copies of the updated NFS modules.

This is probably not the behavior most users who have built custom kernels will
want or expect. (I would have hoped that the GENERIC kernel, its modules, and the
kernel sources would be updated and that I'd be reminded to rebuild my custom kernel
if necessary.)

--Brett Glass

At 02:55 PM 4/29/2013, FreeBSD Security Advisories wrote:
 
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>=============================================================================
>FreeBSD-SA-13:05.nfsserver                                  Security Advisory
>                                                          The FreeBSD Project
>
>Topic:          Insufficient input validation in the NFS server



More information about the freebsd-security mailing list