Re: FreeBSD Security Advisory FreeBSD-SA-24:01.bhyveload
Date: Fri, 16 Feb 2024 13:48:34 UTC
For a complicated reason, I avoid "freebsd-update" and update the kernel and the world from source. Given that perhaps I am an idiot, nevertheless I addressed this particular security advisory by updating my /usr/src tree, and (having observed what files were updated) running:

cd /usr/src/lib/libutil
make
make install
cd /usr/src/usr.sbin/bhyveload
make
make install
cp -p /usr/src/usr.sbin/periodic/etc/daily/480.leapfile-ntpd \
    /etc/periodic/daily/480.leapfile-ntpd

So I think I have the appropriate stuff installed now, though of course freebsd-version -u still reports 13.2-RELEASE-p9 instead of -p10, and the daily security run says:

FreeBSD-13.2_9 is vulnerable:
  FreeBSD -- bhyveload(8) host file access
  CVE: CVE-2024-25940
  WWW: https://vuxml.FreeBSD.org/freebsd/c62285cb-cb46-11ee-b609-002590c1f29c.html

Is there a hack that lets me fool freebsd-version into reporting -p10 instead of -p9?

-- George

P.S. Feel free to scold me for stupidly trying to do things the wrong way.