doc/en_US.ISO8859-1/htdocs/security/security.xml
Jason Helfman 69655a3f3f - follow r46381 and sync security page
Differential Revision:	https://reviews.freebsd.org/D2153
Reviewed by:	wblock (mentor)
2015-03-27 16:03:04 +00:00

202 lines
6.7 KiB
XML

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN"
"http://www.FreeBSD.org/XML/share/xml/xhtml10-freebsd.dtd" [
<!ENTITY title "FreeBSD Security Information">
]>
<!-- $FreeBSD$ -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>&title;</title>
<cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">$FreeBSD$</cvs:keyword>
</head>
<body class="navinclude.support">
<h2>Introduction</h2>
<p>FreeBSD takes security very seriously and its developers are
constantly working on making the operating system as secure as
possible. This page will provide information about what to do in
the event of a security vulnerability affecting your system</p>
<h2>Reporting FreeBSD security incidents</h2>
<p>FreeBSD security issues specific to the operating system
should be reported to the <a
href="mailto:secteam@FreeBSD.org">FreeBSD Security Team</a>
or, if a higher level of confidentiality is required, PGP
encrypted to the <a
href="mailto:security-officer@FreeBSD.org">Security Officer
Team</a>
using the <a href="so_public_key.asc">Security Officer PGP
key</a>.
Additional information can be found at the <a
href="reporting.html">reporting FreeBSD security incidents</a>
page.</p>
<h2>Table of Contents</h2>
<ul>
<li><a href="#recent">Recent FreeBSD security vulnerabilities</a></li>
<li><a href="#how">How to update your system</a></li>
</ul>
<a name="recent"></a>
<h2>Recent FreeBSD security vulnerabilities</h2>
<p>A full list of all security vulnerabilities can be found <a
href="advisories.html">on this page</a>.</p>
<a name="how"></a>
<h2>How to update your system</h2>
<p>For most users, the easiest way to update your supported &os;
&rel.current; or &rel2.current; system is to use the following
commands:</p>
<tt># freebsd-update fetch<br />
# freebsd-update install</tt>
<p>If that fails, follow the other instructions in the security
advisory you care about.</p>
<a name="sup"></a>
<h2>Supported FreeBSD releases</h2>
<p>The designation and expected lifetime of all currently supported
branches are given below. The <em>Expected EoL (end-of-life)</em>
column indicates the earliest date on which support for that
branch or release will end. Please note that these dates may be
pushed back if circumstances warrant it.</p>
<!--
Please also update head/en_US.ISO8859-1/htdocs/releng/index.xml
when updating this list of supported branches.
-->
<table class="tblbasic">
<tr>
<th>Branch</th>
<th>Release</th>
<th>Type</th>
<th>Release Date</th>
<th>Expected EoL</th>
</tr>
<tr>
<td>stable/8</td>
<td>n/a</td>
<td>n/a</td>
<td>n/a</td>
<td>June 30, 2015</td>
</tr>
<tr>
<td>releng/8.4</td>
<td>8.4-RELEASE</td>
<td>Extended</td>
<td>June 9, 2013</td>
<td>June 30, 2015</td>
</tr>
<tr>
<td>stable/9</td>
<td>n/a</td>
<td>n/a</td>
<td>n/a</td>
<td>December 31, 2016</td>
</tr>
<tr>
<td>releng/9.3</td>
<td>9.3-RELEASE</td>
<td>Extended</td>
<td>July 16, 2014</td>
<td>December 31, 2016</td>
</tr>
<tr>
<td>stable/10</td>
<td>n/a</td>
<td>n/a</td>
<td>n/a</td>
<td>last release + 2 years</td>
</tr>
<tr>
<td>releng/10.1</td>
<td>10.1-RELEASE</td>
<td>Extended</td>
<td>November 14, 2014</td>
<td>December 31, 2016</td>
</tr>
</table>
<p>Older releases are not maintained and users are strongly
encouraged to upgrade to one of the supported releases mentioned
above. A list of unsupported releases can be found <a
href="unsupported.html">here</a>.</p>
<p>Advisories are sent to the following FreeBSD mailing lists:</p>
<ul>
<li>FreeBSD-security-notifications@FreeBSD.org</li>
<li>FreeBSD-security@FreeBSD.org</li>
<li>FreeBSD-announce@FreeBSD.org</li>
</ul>
<p>The list of released advisories can be found on the <a
href="advisories.html">FreeBSD Security Advisories</a> page.</p>
<p>Advisories are always signed using the FreeBSD Security Officer
<a href="so_public_key.asc">PGP
key</a> and are archived, along with their associated patches, at
the <a href="http://security.FreeBSD.org/">http://security.FreeBSD.org/</a>
web server in the <a
href="http://security.FreeBSD.org/advisories/">advisories</a> and <a
href="http://security.FreeBSD.org/patches/">patches</a>
subdirectories.</p>
<p>The FreeBSD Security Officer provides security advisories for
<em>-STABLE Branches</em> and the <em>Security Branches</em>.
(Advisories are not issued for the <em>-CURRENT Branch</em>.)</p>
<ul>
<li><p>The -STABLE branch tags have
names like <tt>stable/10</tt>. The corresponding builds have
names like <tt>FreeBSD 10.1-STABLE</tt>.</p></li>
<li><p>Each FreeBSD Release has an associated Security Branch.
The Security Branch tags have names like <tt>releng/10.1</tt>.
The corresponding builds have names like <tt>FreeBSD
10.1-RELEASE-p4</tt>.</p></li>
</ul>
<p>Issues affecting the FreeBSD Ports Collection are covered in <a
href="http://vuxml.FreeBSD.org/">the FreeBSD VuXML
document</a>.</p>
<p>Each branch is supported by the Security Officer for a limited
time only, and is designated as either <em>Normal</em> or
<em>Extended</em>. The designation is used as a guideline for
determining the lifetime of the branch as follows:</p>
<dl>
<dt>Normal</dt>
<dd>Releases which are published from a -STABLE branch will be
supported by the Security Officer for a minimum of 12 months after the
release, and for sufficient additional time (if needed) to ensure
that there is a newer release for at least 3 months before the
older Normal release expires.
</dd>
<dt>Extended</dt>
<dd>Selected releases (normally every second release plus the last
release from each -STABLE branch) will be supported by the
Security Officer for a minimum of 24 months after the release,
and for sufficient additional time (if needed) to ensure that
there is a newer Extended release for at least 3 months before the
older Extended release expires.
</dd>
</dl>
<p>In the run-up to a Normal or Extended release, a number of -BETA
and -RC releases may be published. These releases are only
supported for a few weeks, as resources permit, and will not be
listed as supported on this page. Users are strongly discouraged
from running these releases on production systems.</p>
</body>
</html>