List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: "Cameron Blackwood" <korg@...>
Subject: Re: Kernels and GLSAs
Date: Thu, 22 Sep 2005 11:39:55 +1000
Calum writes:
  |
  | Brian G. Peterson wrote:
  | 
  | > I subscribe to the GLSA RSS feed, and scan that feed manually against my
  | > installed software list.  The glsa-check tool is basically useless (as of
  | > gentoolkit-0.2.1_pre7), as it shows all GLSAs rather than just GLSAs for
  | > tools that correspond to packages installed on the system it is run on.
  | 
  | I run glsa-check -l | grep '\[N\]' in a cron, and have the results
  | emailed to me at a central email address.

Time for me to make a fool of myself ;). I've been running


 |  emerge -uD world -pv 


to look for updates and I was a little surprised at the following....



 |  # emerge -uD world -pv
 |  
 |  These are the packages that I would merge, in order:
 |  
 |  Calculating world dependencies ...done!
 |  [ebuild     U ] sys-devel/libperl-5.8.7 [5.8.6-r1] +berkdb -debug +gdbm -ithreads 9,608 kB
 |  [ebuild     U ] dev-lang/perl-5.8.7-r1 [5.8.6-r5] +berkdb -build -debug -doc +gdbm -ithreads -minimal -perlsuid 0 kB
 |  
 |  Total size of downloads: 9,608 kB


Which doesn't list.......


 |  # glsa-check -l |& grep '\[N\]'
 |  [N] indicates that the system might be affected.
 |  200507-16 [N] dhcpcd: Denial of Service vulnerability ( net-misc/dhcpcd )


but if I check the package directly it does need an update (and
quite badly it seems)...


 |  # emerge -pv dhcpcd
 |  
 |  These are the packages that I would merge, in order:
 |  
 |  Calculating dependencies ...done!
 |  [ebuild     U ] net-misc/dhcpcd-2.0.0 [1.3.22_p4-r5] -build -debug -static 119 kB 
 |  
 |  Total size of downloads: 119 kB



Huh? Have I just foolishly assumed that emerge world checks all packages?
Is there some 'better' way to list all packages that need updates
both security and normal (and I missed it)?

I thought it might just have been me (running ppc64), but I notice my
friend's Intel box has exactly the same problem, right down to the same
version of dhcpcd.

Ok, I just checked the security handbook and it only mentions
glsa-check. Ok, it's probably my bad... but shouldn't emerge world
merge security updates too?


cheers,
cam


--
 / `Rev Dr'   cam  at darkqueen.org            Roleplaying, virtual goth \
<   http://darkqueen.org        Poly, *nix, Python, C/C++, genetics, ATM  >
 \  [+61 3] 9809 1523[h]         skeptic, Evil GM(tm). Sysadmin for hire /
                      ---------- Random Quote ----------
Excellent day for drinking heavily.  Spike the office water cooler.
-- 
gentoo-security@g.o mailing list
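
A cross-check for the mismatch described in the message above, added here as an example (not code from the poster or from gentoolkit): it parses `glsa-check -l` and `emerge -uD world -pv` output and lists the GLSA-flagged packages that the planned world update would leave untouched. The function names are hypothetical, and the sample input is the command output quoted in the message.

```sh
#!/bin/sh
# Added example: list GLSA-flagged packages that a planned world update would not touch.
# Sample input is the command output quoted in the message above; on a live system
# pass "$(glsa-check -l 2>&1)" and "$(emerge -uD world -pv)" instead.

GLSA_SAMPLE='[N] indicates that the system might be affected.
200507-16 [N] dhcpcd: Denial of Service vulnerability ( net-misc/dhcpcd )'

WORLD_SAMPLE='Calculating world dependencies ...done!
[ebuild     U ] sys-devel/libperl-5.8.7 [5.8.6-r1] +berkdb -debug +gdbm -ithreads 9,608 kB
[ebuild     U ] dev-lang/perl-5.8.7-r1 [5.8.6-r5] +berkdb -build -debug -doc +gdbm -ithreads -minimal -perlsuid 0 kB'

# category/package atoms from "[N]" advisory lines. Requiring a GLSA id in the
# first field skips the legend line that a plain grep '\[N\]' also matches.
glsa_affected() {
    awk '$1 ~ /^[0-9]+-[0-9]+$/ && $2 == "[N]" {
        start = 0
        for (i = 3; i <= NF; i++) if ($i == "(") start = i   # last "(" opens the atom list
        if (start) for (i = start + 1; i < NF; i++) if ($i ~ /\//) print $i
    }' | sort -u
}

# category/package names, version stripped, from "[ebuild ...]" lines of emerge -pv.
emerge_planned() {
    sed -n -E 's/^\[ebuild[^]]*\] *([^ ]+).*/\1/p' |
        sed -E 's/-[0-9][^-]*(-r[0-9]+)?$//' | sort -u
}

# Print each flagged atom that is absent from the planned update.
# $1 = glsa-check -l output, $2 = emerge -pv output
uncovered() {
    planned=$(printf '%s\n' "$2" | emerge_planned)
    printf '%s\n' "$1" | glsa_affected | while read -r atom; do
        printf '%s\n' "$planned" | grep -qxF -- "$atom" || printf '%s\n' "$atom"
    done
}

echo "GLSA-flagged but not in the planned world update:"
uncovered "$GLSA_SAMPLE" "$WORLD_SAMPLE"
```

Any package this prints is one that `glsa-check` flags but the world update plan does not include, so it has to be handled separately, as the poster did with `emerge -pv dhcpcd`.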




Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
