doc/en_US.ISO8859-1/htdocs/security/security.xml
Glen Barber 6f8719ccfe Document 10.4-RELEASE has reached end of life.
Sponsored by:	The FreeBSD Foundation
2018-11-01 16:52:13 +00:00

215 lines
7.5 KiB
XML

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN"
"http://www.FreeBSD.org/XML/share/xml/xhtml10-freebsd.dtd" [
<!ENTITY title "FreeBSD Security Information">
]>
<!-- $FreeBSD$ -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>&title;</title>
<cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">$FreeBSD$</cvs:keyword>
</head>
<body class="navinclude.support">
<h2>Introduction</h2>
<p>FreeBSD takes security very seriously and its developers are
constantly working on making the operating system as secure as
possible. This page provides information about what to do in
the event of a security vulnerability affecting your system.</p>
<h2>Table of Contents</h2>
<ul>
<li><a href="#reporting">Reporting FreeBSD security
incidents</a></li>
<li><a href="#recent">Recent FreeBSD security
vulnerabilities</a></li>
<li><a href="#advisories">Understanding FreeBSD security
advisories</a></li>
<li><a href="#how">How to update your
system</a></li>
<li><a href="#sup">Supported FreeBSD releases</a></li>
<li><a href="#model">The FreeBSD support model</a></li>
</ul>
<a name="reporting"></a>
<h2>Reporting FreeBSD security incidents</h2>
<p>FreeBSD security issues specific to the base system
should be reported via email to the <a
href="mailto:secteam@FreeBSD.org">FreeBSD Security Team</a>
or, if a higher level of confidentiality is required, via PGP
encrypted email to the <a
href="mailto:security-officer@FreeBSD.org">Security Officer
Team</a>
using the <a href="so_public_key.asc">Security Officer PGP
key</a>.
Additional information can be found at the <a
href="reporting.html">reporting FreeBSD security incidents</a>
page.</p>
<a name="recent"></a>
<h2>Recent FreeBSD security vulnerabilities</h2>
<p>A full list of all security vulnerabilities affecting the base
system can be found <a href="advisories.html">on this
page</a>.</p>
<a name="advisories"></a>
<h2>Understanding FreeBSD security advisories</h2>
<p>Advisories affecting the base system are sent to the following
mailing lists:</p>
<ul>
<li>FreeBSD-security-notifications@FreeBSD.org</li>
<li>FreeBSD-security@FreeBSD.org</li>
<li>FreeBSD-announce@FreeBSD.org</li>
</ul>
<p>The list of released advisories can be found on the <a
href="advisories.html">FreeBSD Security Advisories</a> page.</p>
<p>Advisories are always signed using the FreeBSD Security Officer
<a href="so_public_key.asc">PGP key</a> and are archived, along
with their associated patches, at the <a
href="http://security.FreeBSD.org/">http://security.FreeBSD.org/</a>
web server in the <a
href="http://security.FreeBSD.org/advisories/">advisories</a>
and <a href="http://security.FreeBSD.org/patches/">patches</a>
subdirectories.</p>
<p>The FreeBSD Security Officer provides security advisories for
<em>-STABLE Branches</em> and the <em>Security Branches</em>.
(Advisories are not issued for the <em>-CURRENT Branch</em>,
which is primarily oriented towards &os; developers.)</p>
<ul>
<li><p>The -STABLE branch tags have names like <tt>stable/10</tt>.
The corresponding builds have names like <tt>FreeBSD
10.1-STABLE</tt>.</p></li>
<li><p>Each FreeBSD Release has an associated Security Branch.
The Security Branch tags have names like <tt>releng/10.1</tt>.
The corresponding builds have names like <tt>FreeBSD
10.1-RELEASE-p4</tt>.</p></li>
</ul>
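<p>The naming conventions above can be checked mechanically when auditing a
set of hosts. The following is an added example, not code from the FreeBSD
project: it maps a build name (such as the output of
<tt>freebsd-version</tt>) to the branch it belongs to and reports whether
advisories are issued for it. The function names, the output fields and the
treatment of an unpatched RELEASE as patch level 0 are assumptions of this
example.</p>

```shell
#!/bin/sh
# Added example, not FreeBSD project code. Function names and the output
# fields (branch=, patch=, status=) are assumptions of this example.

classify_build() {
    cb_build=${1#FreeBSD }      # accept "FreeBSD 10.1-STABLE" or "10.1-STABLE"
    cb_ver=${cb_build%%-*}      # version part, e.g. "10.1"
    cb_rest=${cb_build#*-}      # suffix, e.g. "RELEASE-p4"
    case $cb_ver in
        *[!0-9.]*|*.*.*) echo "status=unknown"; return 1 ;;
        [0-9]*.[0-9]*) ;;       # require MAJOR.MINOR
        *) echo "status=unknown"; return 1 ;;
    esac
    case $cb_rest in
        STABLE)                 # -STABLE branch, tag like stable/10
            echo "branch=stable/${cb_ver%%.*} patch=n/a status=advisories" ;;
        RELEASE)                # Security Branch with no patches applied yet
            echo "branch=releng/$cb_ver patch=0 status=advisories" ;;
        RELEASE-p*)             # Security Branch at patch level N
            cb_patch=${cb_rest#RELEASE-p}
            case $cb_patch in
                ''|*[!0-9]*) echo "status=unknown"; return 1 ;;
            esac
            echo "branch=releng/$cb_ver patch=$cb_patch status=advisories" ;;
        CURRENT)                # no advisories are issued for -CURRENT
            echo "branch=-CURRENT patch=n/a status=no-advisories" ;;
        BETA[0-9]*|RC[0-9]*)    # pre-release builds are not listed as supported
            echo "branch=n/a patch=n/a status=prerelease-unlisted" ;;
        *)
            echo "status=unknown"; return 1 ;;
    esac
}

# Read "host build" pairs on stdin and print one classification per host.
audit_inventory() {
    while read -r ai_host ai_build; do
        printf '%s\t%s\n' "$ai_host" "$(classify_build "$ai_build" || true)"
    done
}

# Constructed inventory; host names and builds are sample values.
printf '%s\n' "web1 11.2-RELEASE-p4" "db1 FreeBSD 11.2-STABLE" \
    "lab1 12.0-BETA2" "old1 10.4-RELEASE-pX" | audit_inventory
```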
<p>Issues affecting the FreeBSD Ports Collection are covered
separately in <a href="http://vuxml.FreeBSD.org/">the FreeBSD
VuXML document</a>.</p>
<a name="how"></a>
<h2>How to update your system</h2>
<p>For users that have previously installed a binary version of &os;
(e.g., &rel.current; or &rel2.current;), run the following
commands:</p>
<tt># freebsd-update fetch<br />
# freebsd-update install</tt>
<p>If that fails, follow the other instructions in the security
advisory you care about.</p>
<p>Note that the above procedure is only for users who have
previously installed a binary distribution. Those who have
built from source will need to update their source tree to
upgrade.</p>
<a name="sup"></a>
<h2>Supported FreeBSD releases</h2>
<p>Each release is supported by the Security Officer for a limited
time only.</p>
<p>The designation and expected lifetime of all currently supported
branches
and their respective releases
are given below. The <em>Expected EoL (end-of-life)</em>
column indicates the earliest date on which support for that
branch or release will end. Please note that these dates may be
pushed back if circumstances warrant it.</p>
<p><a href="unsupported.html">Older releases</a>
are not supported and users are strongly
encouraged to upgrade to one of these supported releases:</p>
<!--
Please also update head/en_US.ISO8859-1/htdocs/releng/index.xml
when updating this list of supported branches.
-->
<table class="tblbasic">
<tr>
<th>Branch</th>
<th>Release</th>
<th>Type</th>
<th>Release Date</th>
<th>Expected EoL</th>
</tr>
<tr>
<td>stable/11</td>
<td>n/a</td>
<td>n/a</td>
<td>n/a</td>
<td>September 30, 2021</td>
</tr>
<tr>
<td>releng/11.2</td>
<td>11.2-RELEASE</td>
<td>n/a</td>
<td>June 28, 2018</td>
<td>11.3-RELEASE + 3 months</td>
</tr>
</table>
<p>In the run-up to a release, a number of -BETA and -RC releases
may be published for testing purposes. These releases are only
supported for a few weeks, as resources permit, and will not be
listed as supported on this page. Users are strongly discouraged
from running these releases on production systems.</p>
<a name="model"></a>
<h2>The FreeBSD support model</h2>
<p>Effective &os;&nbsp;11.0-RELEASE, the support model has been
changed to allow more rapid development while also providing
timely security updates for all supported releases.</p>
<p>Under the new support model, each major version's stable branch
is explicitly supported for 5 years, while each individual point
release is only supported for three months after the next point
release.</p>
<p>The details and rationale behind this change can be found in the
<a
href="https://lists.freebsd.org/pipermail/freebsd-announce/2015-February/001624.html">official
announcement</a> sent in February 2015.</p>
<p>Previously, branches were designated as either <em>Normal</em> or
<em>Extended</em>. The designation was used as a guideline for
determining the lifetime of the branch as follows:</p>
<dl>
<dt>Normal</dt>
<dd>Releases which are published from a -STABLE branch were
supported by the Security Officer for a minimum of 12 months
after the release, and for sufficient additional time (if
needed) to ensure that there is a newer release for at least
3 months before the older Normal release expires.
</dd>
<dt>Extended</dt>
<dd>Selected releases (normally every second release plus the last
release from each -STABLE branch) were supported by the Security
Officer for a minimum of 24 months after the release, and for
sufficient additional time (if needed) to ensure that there is
a newer Extended release for at least 3 months before the older
Extended release expires.
</dd>
</dl>
</body>
</html>