George Mitchell
2024-02-16 13:48:34 UTC
For a complicated reason, I avoid "freebsd-update" and update the
kernel and the world from source.
Given that perhaps I am an idiot, nevertheless I addressed this
particular security advisory by updating my /usr/src tree, and
(having observed what files were updated) running:
cd /usr/src/lib/libutil
make
make install
cd /usr/src/usr.sbin/bhyveload
make
make install
cp -p /usr/src/usr.sbin/periodic/etc/daily/480.leapfile-ntpd \
/etc/periodic/daily/480.leapfile-ntpd
So I think I have the appropriate stuff installed now, though of
course freebsd-version -u still reports 13.2-RELEASE-p9 instead of
-p10, and the daily security run says:
FreeBSD-13.2_9 is vulnerable:
FreeBSD -- bhyveload(8) host file access
CVE: CVE-2024-25940
WWW:
https://vuxml.FreeBSD.org/freebsd/c62285cb-cb46-11ee-b609-002590c1f29c.html
Is there a hack that lets me fool freebsd-version into reporting -p10
instead of -p9? -- George
P.S. Feel free to scold me for stupidly trying to do things the wrong
way.
kernel and the world from source.
Given that perhaps I am an idiot, nevertheless I addressed this
particular security advisory by updating my /usr/src tree, and
(having observed what files were updated) running:
cd /usr/src/lib/libutil
make
make install
cd /usr/src/usr.sbin/bhyveload
make
make install
cp -p /usr/src/usr.sbin/periodic/etc/daily/480.leapfile-ntpd \
/etc/periodic/daily/480.leapfile-ntpd
So I think I have the appropriate stuff installed now, though of
course freebsd-version -u still reports 13.2-RELEASE-p9 instead of
-p10, and the daily security run says:
FreeBSD-13.2_9 is vulnerable:
FreeBSD -- bhyveload(8) host file access
CVE: CVE-2024-25940
WWW:
https://vuxml.FreeBSD.org/freebsd/c62285cb-cb46-11ee-b609-002590c1f29c.html
Is there a hack that lets me fool freebsd-version into reporting -p10
instead of -p9? -- George
P.S. Feel free to scold me for stupidly trying to do things the wrong
way.