Gentoo Archives: gentoo-security

From: Cameron Blackwood <korg@×××××××××.org>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Kernels and GLSAs
Date: Thu, 22 Sep 2005 01:45:30
Message-Id: 20050922013955.64F34540DC@firewall.darkqueen.org
Calum writes:
|
| Brian G. Peterson wrote:
|
| > I subscribe to the GLSA RSS feed, and scan that feed manually against my
| > installed software list. The glsa-check tool is basically useless (as of
| > gentoolkit-0.2.1_pre7), as it shows all GLSAs rather than just GLSAs for
| > tools that correspond to packages installed on the system it is run on.
|
| I run glsa-check -l | grep '\[N\]' in a cron, and have the results
| emailed to me at a central email address.

Time for me to make a fool of myself ;). I've been running

| emerge -uD world -pv

to look for updates and I was a little surprised at the following....

| # emerge -uD world -pv
|
| These are the packages that I would merge, in order:
|
| Calculating world dependencies ...done!
| [ebuild U ] sys-devel/libperl-5.8.7 [5.8.6-r1] +berkdb -debug +gdbm -ithreads 9,608 kB
| [ebuild U ] dev-lang/perl-5.8.7-r1 [5.8.6-r5] +berkdb -build -debug -doc +gdbm -ithreads -minimal -perlsuid 0 kB
|
| Total size of downloads: 9,608 kB

Which doesn't list.......

| # glsa-check -l |& grep '\[N\]'
| [N] indicates that the system might be affected.
| 200507-16 [N] dhcpcd: Denial of Service vulnerability ( net-misc/dhcpcd )

but if I check the package directly it does need an update (and
quite badly it seems)...

| # emerge -pv dhcpcd
|
| These are the packages that I would merge, in order:
|
| Calculating dependencies ...done!
| [ebuild U ] net-misc/dhcpcd-2.0.0 [1.3.22_p4-r5] -build -debug -static 119 kB
|
| Total size of downloads: 119 kB

Huh? Have I just foolishly assumed that emerge world checks all packages?
Is there some 'better' way to list all packages that need updates
both security and normal (and I missed it)?

I thought it might just have been me (running ppc64), but I notice my
friend's Intel box has exactly the same problem, right down to the same
version of dhcpcd.

Ok, I just checked the security handbook and it only mentions
glsa-check. Ok, it's probably my bad... but shouldn't emerge world
merge security updates too?

cheers,
cam

--
/ `Rev Dr' cam at darkqueen.org Roleplaying, virtual goth \
< http://darkqueen.org Poly, *nix, Python, C/C++, genetics, ATM >
\ [+61 3] 9809 1523[h] skeptic, Evil GM(tm). Sysadmin for hire /
---------- Random Quote ----------
Excellent day for drinking heavily. Spike the office water cooler.
--
gentoo-security@g.o mailing list
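
The gap described in the message above (an advisory marked [N] whose package is missing from the `emerge -uD world -pv` list) can be reported automatically. This is an added example, not part of the original message or of gentoolkit; the function names and saved-output file names are hypothetical, and it assumes an advisory may list several packages inside its parentheses.

```shell
#!/bin/sh
# Added example (not from the original message). Works on saved command output:
#   glsa-check -l > glsa.txt 2>&1 ; emerge -uD world -pv > pending.txt

# Print "GLSA-id category/package" for each advisory marked [N].
# Requiring an id in field 1 skips the "[N] indicates ..." legend line.
glsa_atoms() {
    awk '$2 == "[N]" && $1 ~ /^[0-9]+-[0-9]+$/ {
        start = 0
        for (i = 3; i <= NF; i++) if ($i == "(") start = i
        if (!start) next
        for (i = start + 1; i <= NF && $i != ")"; i++) print $1, $i
    }'
}

# Print category/package (version stripped) for each "[ebuild ...]" line.
pending_atoms() {
    awk '/^\[ebuild/ {
        split(substr($0, index($0, "]") + 1), w, " ")
        pkg = w[1]
        sub(/-[0-9][^-]*(-r[0-9]+)?$/, "", pkg)
        print pkg
    }'
}

# missed_advisories GLSA_FILE PENDING_FILE
# Advisories whose package is absent from the pending world update.
missed_advisories() {
    tmp=$(mktemp) || return 1
    pending_atoms < "$2" > "$tmp"
    # FILENAME test (not NR == FNR) stays correct when no updates are pending.
    glsa_atoms < "$1" | awk 'FILENAME == ARGV[1] { pending[$1] = 1; next }
                             !($2 in pending)' "$tmp" -
    rm -f "$tmp"
}

# Sample input constructed from the output quoted in the message above.
sample_run() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/glsa.txt" <<'EOF'
[N] indicates that the system might be affected.
200507-16 [N] dhcpcd: Denial of Service vulnerability ( net-misc/dhcpcd )
EOF
    cat > "$dir/pending.txt" <<'EOF'
[ebuild U ] sys-devel/libperl-5.8.7 [5.8.6-r1] +berkdb -debug +gdbm -ithreads 9,608 kB
[ebuild U ] dev-lang/perl-5.8.7-r1 [5.8.6-r5] +berkdb -build -debug -doc +gdbm 0 kB
EOF
    missed_advisories "$dir/glsa.txt" "$dir/pending.txt"
    rm -rf "$dir"
}
```

Run from cron, a non-empty result from `missed_advisories` is the line worth mailing: an advisory that applies to the system but that the routine world update will not pull in.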

Replies

Subject Author
Re: [gentoo-security] Kernels and GLSAs Jason Stubbs <jstubbs@××××××××××.jp>
Re: [gentoo-security] Kernels and GLSAs Willie Wong <wwong@×××××××××.EDU>