| The Topic field specifies the
problem. It provides an introduction to the security
advisory and notes the utility affected by the
vulnerability. |
| The Category refers to the
affected part of the system, which may be one of
core, contrib, or
ports. The core
category means that the vulnerability affects a core
component of the FreeBSD operating system. The
contrib category means that the
vulnerability affects software contributed to the FreeBSD
Project, such as Sendmail.
The ports category indicates that the
vulnerability affects add-on software available through
the Ports Collection. |
| The Module field refers to the
component location. In this example, the
sys module is affected; therefore, this
vulnerability affects a component used within the
kernel. |
| The Announced field reflects the
date the security advisory was published, or announced
to the world. This means that the security team has
verified that the problem exists and that a patch has
been committed to the FreeBSD source code repository. |
| The Credits field gives credit to
the individual or organization who noticed the
vulnerability and reported it. |
| The Affects field explains which
releases of FreeBSD are affected by this vulnerability.
For the kernel, a quick look over the output from
ident(1) on the affected files will help in
determining the revision. For ports, the version number
is listed after the port name in /var/db/pkg. If the
system does not sync with the FreeBSD Subversion repository
and is not rebuilt daily, chances are that it is
affected. |
| The Corrected field indicates the
date, time, time offset, and release that was
corrected. |
| Reserved for the identification information used to
look up vulnerabilities in the Common Vulnerabilities
and Exposures database. |
| The Background field gives
information about the affected utility. Most of the time
this is why the utility exists in FreeBSD, what it is used
for, and a bit of information on how the utility came to
be. |
| The Problem Description field
explains the security hole in depth. This can include
information on flawed code, or even how the utility
could be maliciously used to open a security hole. |
| The Impact field describes what
type of impact the problem could have on a system. For
example, this could be anything from a denial of service
attack, to extra privileges available to users, or even
giving the attacker superuser access. |
| The Workaround field offers a
workaround to system administrators who cannot
upgrade the system due to time constraints, network
availability, or other reasons. Security should not be
taken lightly, and an affected system should either be
patched or the workaround implemented. |
| The Solution field offers
instructions for patching the affected system. This is a
step-by-step, tested and verified method for getting a
system patched and working securely. |
| The Correction Details field
displays the Subversion branch or release name with the
periods changed to underscore characters. It also shows
the revision number of the affected files within each
branch. |
| The References field usually
offers sources of other information. This can include
web URLs, books, mailing lists, and
newsgroups. |
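
The header fields described above can be read mechanically when triaging advisories across many hosts. The following is an added example, not part of the original page or of any FreeBSD tool: it parses a constructed advisory header, rejects a Category other than the three listed, and splits each Corrected line into timestamp, branch and release. The sample values, the function names, and the assumed "date time UTC (branch, release)" layout of a Corrected line are illustrative assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample header; every value below is invented for illustration.
SAMPLE = """\
Topic:          Example kernel memory disclosure
Category:       core
Module:         sys
Announced:      2014-04-30
Affects:        All supported versions of FreeBSD.
Corrected:      2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
                2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
"""

CATEGORIES = {"core", "contrib", "ports"}  # the three values listed above
FIELD_RE = re.compile(r"^([A-Z][A-Za-z ]*?):\s+(.*)$")
# Assumed layout of one Corrected line: "date time UTC (branch, release)".
CORRECTED_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC \(([^,]+), ([^)]+)\)$")

def parse_header(text):
    """Return {field: [values]}; an indented line continues the previous field."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            current = m.group(1)
            fields.setdefault(current, []).append(m.group(2).strip())
        elif current and line[:1].isspace() and line.strip():
            fields[current].append(line.strip())
    return fields

def category(fields):
    """Return the Category, rejecting anything but core, contrib or ports."""
    value = fields.get("Category", [""])[0]
    if value not in CATEGORIES:
        raise ValueError(f"unknown Category: {value!r}")
    return value

def corrected_entries(fields):
    """Split each Corrected line into (UTC datetime, branch, release)."""
    out = []
    for value in fields.get("Corrected", []):
        m = CORRECTED_RE.match(value)
        if not m:
            raise ValueError(f"unrecognised Corrected line: {value!r}")
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        out.append((when.replace(tzinfo=timezone.utc), m.group(2), m.group(3)))
    return out
```

Comparing the branch and release from `corrected_entries` against what a host reports shows whether that host already carries the fix.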