Upgrade your services packs!

[interfasys]

Here are some old and vulnerable applications listed in the latest DA services pack for FreeBSD:
Mail-SpamAssassin-2.55.tar.gz
phpMyAdmin-2.5.6.tar.gz
squirrelmail-1.4.2.tar.gz

The stable and secure versions are:
Mail-SpamAssassin-3.03.tar.gz
phpMyAdmin-2.6.2.tar.gz
squirrelmail-1.4.4.tar.gz

 

[bjseiler]

Is there a script somewhere that could be run to check and see which of your DA service packs is out of date?

What I mean is something like in the ports system where after you cvsup the ports, you can cd into /usr/ports, run "make fetchindex", and then run "pkg_version -L =" to see what is out of date.

 

[dennisc]

That is, again, the reason they should use ports and portaudit as well.

This is what happens if a security flaw is found and it's how it should be IMHO:

eclipse# cd /usr/ports/ftp/wget; make install distclean
===> wget-1.8.2_7 has known vulnerabilities:
=> wget -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/06f142ff-4df3-11d9-a9e7-0001020eed82.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/ftp/wget.