Re: Curious Ports Behavior

From: Herbert J. Skuhra <herbert_at_gojira.at>
Date: Sun, 12 Jun 2022 21:19:50 UTC

On Sun, Jun 12, 2022 at 03:36:08PM -0500, Tim Daneliuk wrote:
> On 6/12/22 15:32, Herbert J. Skuhra wrote:
> > > I don't want servers running with high severity vulnerabilities ...
> > Run 'pkg audit -F' and try again.
> 
> Well, that fixed it.  Can you please explain how the system might
> get into such a state?
> 
> Should I be running this pkg audit daily?

The original entry in the database contained a wrong range:

-       <range><lt>2.5.54</lt></range>
+       <range><lt>2.4.54</lt></range>
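
Review bot: the corrected bound on the + line, <lt>2.4.54</lt>, is still the only bound in the <range>, so every version below 2.4.54 matches; if the affected releases start at a known version, adding a <ge> element to the same <range> would keep older unaffected versions from being reported. The previous <lt>2.5.54</lt> bound also matched 2.4.54 itself, so a one-character slip like this is worth checking against the fixed version whenever a range is committed.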

It was fixed in 0bb1abdb2049.

/usr/local/etc/periodic/security/410.pkg-audit should run daily
and update /var/db/pkg/vuln.xml and check for vulnerable packages.

Unfortunately not all my systems fetched the latest file:

-r--r--r--  1 root  wheel  7143257 Jun 10 03:24 /var/db/pkg/vuln.xml

Others in the same network:

-r--r--r--  1 root  wheel  7144777 Jun 11 03:17 /var/db/pkg/vuln.xml

Maybe some FreeBSD mirrors are/were not in sync.

-- 
Herbert
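
Why a version equal to the corrected bound was still reported until the database was refreshed, as an added example (not part of the original message and not pkg's own code): it evaluates a constructed, simplified VuXML-style entry with the old and the corrected range. The package name `example-pkg`, the helper names and the plain dotted-number version comparison are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified VuXML-style entry (no XML namespace;
# "example-pkg" is a placeholder package name, not taken from the thread).
ENTRY = """<vuln><affects><package>
  <name>example-pkg</name>
  <range>{bound}</range>
</package></affects></vuln>"""
BEFORE = ENTRY.format(bound="<lt>2.5.54</lt>")  # range as originally committed
AFTER = ENTRY.format(bound="<lt>2.4.54</lt>")   # range after the correction


def vkey(version):
    """Assumption: plain dotted numeric versions. pkg's real comparison also
    handles epochs, port revisions and letter suffixes."""
    return tuple(int(part) for part in version.split("."))


OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "gt": lambda a, b: a > b,
    "ge": lambda a, b: a >= b,
    "eq": lambda a, b: a == b,
}


def affected(entry_xml, name, version):
    """True if name/version falls inside any <range> of a matching <package>."""
    root = ET.fromstring(entry_xml)
    installed = vkey(version)
    for pkg in root.iter("package"):
        if name not in [n.text for n in pkg.findall("name")]:
            continue
        for rng in pkg.findall("range"):
            bounds = list(rng)
            # Every bound inside one <range> must hold; ranges are alternatives.
            if bounds and all(OPS[b.tag](installed, vkey(b.text)) for b in bounds):
                return True
    return False


if __name__ == "__main__":
    for label, entry in (("before", BEFORE), ("after", AFTER)):
        for ver in ("2.4.53", "2.4.54"):
            state = "vulnerable" if affected(entry, "example-pkg", ver) else "ok"
            print(label, ver, state)
```

A host still holding the older vuln.xml evaluates the "before" entry, which is why hosts with different file dates can disagree about the same installed package.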