After running 'freebsd-update fetch install' on a i386 server, I have this 

[dan@gelt:~] $ freebsd-version -u
[dan@gelt:~] $ freebsd-version -k
[dan@gelt:~] $ 

Why did this not get a new kernel?

I ask because:

[dan@gelt:~] $ sudo /usr/local/etc/periodic/security/405.pkg-base-audit

Checking for security vulnerabilities in base (userland & kernel):
Host system:
Database fetched: Wed Sep 16 07:06:52 UTC 2020
FreeBSD-kernel-12.1_9 is vulnerable:
FreeBSD -- bhyve SVM guest escape
CVE: CVE-2020-7467
WWW: https://vuxml.FreeBSD.org/freebsd/e73c688b-f7e6-11ea-88f8-901b0ef719ab.html

FreeBSD-kernel-12.1_9 is vulnerable:
FreeBSD -- bhyve privilege escalation via VMCS access
CVE: CVE-2020-24718
WWW: https://vuxml.FreeBSD.org/freebsd/2c5b9cd7-f7e6-11ea-88f8-901b0ef719ab.html

FreeBSD-kernel-12.1_9 is vulnerable:
FreeBSD -- ure device driver susceptible to packet-in-packet attack
CVE: CVE-2020-7464
WWW: https://vuxml.FreeBSD.org/freebsd/bb53af7b-f7e4-11ea-88f8-901b0ef719ab.html

3 problem(s) in 1 installed package(s) found.
0 problem(s) in 0 installed package(s) found.

Oh, let's try again:

[dan@slocum:~] $ sudo freebsd-update fetch install
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 12.1-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 12.1-RELEASE-p10.
No updates are available to install.
[dan@slocum:~] $ 

I've done everything I can

How do I properly patch this i386 server?

For those wondering what I just ran:

[dan@gelt:~] $ pkg which /usr/local/etc/periodic/security/405.pkg-base-audit
/usr/local/etc/periodic/security/405.pkg-base-audit was installed by package 
[dan@gelt:~] $ 

on an amd64 host I have:

[dan@slocum:~] $ freebsd-version -u
[dan@slocum:~] $ freebsd-version -k

Dan Langille
freebsd-stable@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to