184 lines
		
	
	
	
		
			6.1 KiB
		
	
	
	
		
			XML
		
	
	
	
	
	
			
		
		
	
	
			184 lines
		
	
	
	
		
			6.1 KiB
		
	
	
	
		
			XML
		
	
	
	
	
	
| <?xml version="1.0" encoding="iso-8859-1"?>
 | |
| <!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN"
 | |
| "http://www.FreeBSD.org/XML/doc/share/xml/xhtml10-freebsd.dtd" [
 | |
| <!ENTITY title "FreeBSD Security Information">
 | |
| ]>
 | |
| <!-- $FreeBSD$ -->
 | |
| 
 | |
| <html xmlns="http://www.w3.org/1999/xhtml">
 | |
|   <head>
 | |
|       <title>&title;</title>
 | |
| 
 | |
|       <cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">$FreeBSD$</cvs:keyword>
 | |
|     </head>
 | |
| 
 | |
|     <body class="navinclude.support">
 | |
| 
 | |
|   <h2>Introduction</h2>
 | |
| 
 | |
|   <p>FreeBSD takes security very seriously and its developers are
 | |
|     constantly working on making the operating system as secure as
 | |
|     possible. This page will provide information about what to do in
 | |
|     the event of a security vulnerability affecting your system, and
 | |
|     how to report vulnerabilities.</p>
 | |
| 
 | |
|   <h2>Table of Contents</h2>
 | |
| 
 | |
|   <ul>
 | |
|     <li><a href="#recent">Recent FreeBSD security vulnerabilities</a></li>
 | |
|     <li><a href="#how">How to update your system</a></li>
 | |
|     <li><a href="reporting.html">Reporting FreeBSD security incidents</a></li>
 | |
|   </ul>
 | |
| 
 | |
|   <a name="recent"></a>
 | |
|   <h2>Recent FreeBSD security vulnerabilities</h2>
 | |
| 
 | |
|   <p>A full list of all security vulnerabilities can be found <a
 | |
|       href="advisories.html">on this page</a>.</p>
 | |
| 
 | |
|   <a name="how"></a>
 | |
|   <h2>How to update your system</h2>
 | |
| 
 | |
|   <p>For most users, the easiest way to update your supported &os;
 | |
|     &rel.current; or &rel2.current; system is to use the following
 | |
|     commands:</p>
 | |
| 
 | |
|   <tt># freebsd-update fetch<br />
 | |
|     # freebsd-update install</tt>
 | |
| 
 | |
|   <p>If that fails, follow the other instructions in the security
 | |
|     advisory you care about.</p>
 | |
| 
 | |
|   <a name="sup"></a>
 | |
|   <h2>Supported FreeBSD releases</h2>
 | |
| 
 | |
|   <p>The current designation and estimated lifetimes of the currently
 | |
|     supported branches are given below.  The <em>Estimated EoL
 | |
|     (end-of-life)</em> column gives the earliest date on which that
 | |
|     branch is likely to be dropped.  Please note that these dates may
 | |
|     be extended into the future, but only extenuating circumstances
 | |
|     would lead to a branch's support being dropped earlier than the
 | |
|     date listed.</p>
 | |
| 
 | |
|   <!--
 | |
|       Please also update head/en_US.ISO8859-1/htdocs/releng/index.xml
 | |
|       when updating this list of supported branches.
 | |
|   -->
 | |
|   <table class="tblbasic">
 | |
|     <tr>
 | |
|       <th>Branch</th>
 | |
|       <th>Release</th>
 | |
|       <th>Type</th>
 | |
|       <th>Release Date</th>
 | |
|       <th>Estimated EoL</th>
 | |
|     </tr>
 | |
|     <tr>
 | |
|       <td>RELENG_8</td>
 | |
|       <td>n/a</td>
 | |
|       <td>n/a</td>
 | |
|       <td>n/a</td>
 | |
|       <td>last release + 2 years</td>
 | |
|     </tr>
 | |
|     <tr>
 | |
|       <td>RELENG_8_4</td>
 | |
|       <td>8.4-RELEASE</td>
 | |
|       <td>Extended</td>
 | |
|       <td>June 9, 2013</td>
 | |
|       <td>June 30, 2015</td>
 | |
|     </tr>
 | |
|     <tr>
 | |
|       <td>RELENG_8_3</td>
 | |
|       <td>8.3-RELEASE</td>
 | |
|       <td>Extended</td>
 | |
|       <td>April 18, 2012</td>
 | |
|       <td>April 30, 2014</td>
 | |
|     </tr>
 | |
|     <tr>
 | |
|       <td>RELENG_9</td>
 | |
|       <td>n/a</td>
 | |
|       <td>n/a</td>
 | |
|       <td>n/a</td>
 | |
|       <td>last release + 2 years</td>
 | |
|     </tr>
 | |
|     <tr>
 | |
|       <td>RELENG_9_1</td>
 | |
|       <td>9.1-RELEASE</td>
 | |
|       <td>Extended</td>
 | |
|       <td>December 30, 2012</td>
 | |
|       <td>December 31, 2014</td>
 | |
|     </tr>
 | |
|   </table>
 | |
| 
 | |
|   <p>Older releases are not maintained and users are strongly
 | |
|     encouraged to upgrade to one of the supported releases mentioned
 | |
|     above.  A list of unsupported releases can be found <a
 | |
|       href="unsupported.html">here</a>.</p>
 | |
| 
 | |
|   <p>Advisories are sent to the following FreeBSD mailing lists:</p>
 | |
|   <ul>
 | |
|     <li>FreeBSD-security-notifications@FreeBSD.org</li>
 | |
|     <li>FreeBSD-security@FreeBSD.org</li>
 | |
|     <li>FreeBSD-announce@FreeBSD.org</li>
 | |
|   </ul>
 | |
| 
 | |
|   <p>The list of released advisories can be found on the <a
 | |
|       href="advisories.html">FreeBSD Security Advisories</a> page.</p>
 | |
| 
 | |
|   <p>Advisories are always signed using the FreeBSD Security Officer
 | |
|     <a href="so_public_key.asc">PGP
 | |
|       key</a> and are archived, along with their associated patches, at
 | |
|     the <a href="http://security.FreeBSD.org/">http://security.FreeBSD.org/</a>
 | |
|     web server in the <a
 | |
|       href="http://security.FreeBSD.org/advisories/">advisories</a> and <a
 | |
|       href="http://security.FreeBSD.org/patches/">patches</a>
 | |
|     subdirectories.</p>
 | |
| 
 | |
|   <p>The FreeBSD Security Officer provides security advisories for
 | |
|     <em>-STABLE Branches</em> and the <em>Security Branches</em>.
 | |
|     (Advisories are not issued for the <em>-CURRENT Branch</em>.)</p>
 | |
| 
 | |
|   <ul>
 | |
|     <li><p>The -STABLE branch tags have
 | |
|       names like <tt>RELENG_9</tt>.  The corresponding builds have
 | |
|       names like <tt>FreeBSD 9.1-STABLE</tt>.</p></li>
 | |
| 
 | |
|     <li><p>Each FreeBSD Release has an associated Security Branch.
 | |
|       The Security Branch tags have names like <tt>RELENG_9_1</tt>.
 | |
|       The corresponding builds have names like <tt>FreeBSD
 | |
|       9.1-RELEASE-p1</tt>.</p></li>
 | |
|   </ul>
 | |
| 
 | |
|   <p>Issues affecting the FreeBSD Ports Collection are covered in <a
 | |
|       href="http://vuxml.FreeBSD.org/">the FreeBSD VuXML
 | |
|       document</a>.</p>
 | |
| 
 | |
|   <p>Each branch is supported by the Security Officer for a limited
 | |
|     time only, and is designated as one of `<em>Early adopter</em>',
 | |
|     `<em>Normal</em>', or `<em>Extended</em>'.  The designation is
 | |
|     used as a guideline for determining the lifetime of the branch as
 | |
|     follows.</p>
 | |
| 
 | |
|   <dl>
 | |
|     <dt>Early adopter</dt>
 | |
|     <dd>Releases which are published from the -CURRENT branch will be
 | |
|       supported by the Security Officer for a minimum of 6 months after
 | |
|       the release.</dd>
 | |
|     <dt>Normal</dt>
 | |
|     <dd>Releases which are published from a -STABLE branch will be
 | |
|       supported by the Security Officer for a minimum of 12 months after the
 | |
|       release, and for sufficient additional time (if needed) to ensure
 | |
|       that there is a newer release for at least 3 months before the
 | |
|       older Normal release expires.
 | |
|     </dd>
 | |
|     <dt>Extended</dt>
 | |
|     <dd>Selected releases (normally every second release plus the last
 | |
|       release from each -STABLE branch) will be supported by the
 | |
|       Security Officer for a minimum of 24 months after the release,
 | |
|       and for sufficient additional time (if needed) to ensure that
 | |
|       there is a newer Extended release for at least 3 months before the
 | |
|       older Extended release expires.
 | |
|     </dd>
 | |
|   </dl>
 | |
| 
 | |
| </body>
 | |
| </html>
 |