Re: Unable to update to 14.1-p6

From: Mark G. <fbsd.questions_at_palaceofretention.ca>
Date: Sat, 16 Nov 2024 20:02:46 UTC
On 2024-11-16 10:45, Kevin Oberman wrote:
> I am running 14.1-p5 and get a daily message that I have a kernel security vulnerability:
> Checking for security vulnerabilities in base (userland & kernel):
> Fetching vuln.xml.xz: .......... done
> FreeBSD-kernel-14.1_5 is vulnerable:
>    FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
>    CVE: CVE-2024-39281
>    WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html
> But attempts to use freebsd-update don't update to p6.
> # freebsd-update fetch
> src component not installed, skipped
> Looking up update.FreeBSD.org mirrors... 3 mirrors found.
> Fetching metadata signature for 14.1-RELEASE from update1.freebsd.org... done.
> Fetching metadata index... done.
> Inspecting system... done.
> Preparing to download files... done.
> 
> No updates needed to update system to 14.1-RELEASE-p6.
> # freebsd-update install
> src component not installed, skipped
> No updates are available to install.
> Run 'freebsd-update [options] fetch' first.
> 
> I am baffled. A reboot leaves me at p5, but I can't seem to get p6 as freebsd-update seems to think it's already installed, but freebsd-version shows:
> # freebsd-version -kur
> 14.1-RELEASE-p5
> 14.1-RELEASE-p5
> 14.1-RELEASE-p6
> 
> I could pull down the kernel sources and build it, but that should not be needed.
> -- 
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman@gmail.com
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

Hello,

Just a note to say that I am seeing the same thing:

FreeBSD-kernel-14.1_5 is vulnerable:
   FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
   CVE: CVE-2024-39281

% freebsd-version -k
14.1-RELEASE-p5

% freebsd-version -u
14.1-RELEASE-p6

% freebsd-version -r
14.1-RELEASE-p5

% uname -a
FreeBSD desk.example.com 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC amd64

The freebsd-update fetch/install completed successfully except for
the above mismatches, afterwards.

Mark

P.S. I am also seeing this mismatch with 13.3-p7 to 13.3-p8:

FreeBSD-kernel-13.3_7 is vulnerable:
   FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
   CVE: CVE-2024-39281

% freebsd-version -k
13.3-RELEASE-p7

% freebsd-version -u
13.3-RELEASE-p8

% freebsd-version -r
13.3-RELEASE-p7

% uname -a
FreeBSD mail.example.com 13.3-RELEASE-p7 FreeBSD 13.3-RELEASE-p7 GENERIC amd64

Again, the freebsd-update fetch/install worked as usual and won't
find anything given another freebsd-update fetch cycle.
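
The comparison both posters make by eye, as an added example that is not part of the original message: a POSIX shell function that takes the three strings `freebsd-version -kru` prints (installed kernel, running kernel, userland, in that order) and reports which component lags. The function names and status labels are assumptions made for this example; the sample values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): flag patch-level skew between the
# installed kernel, the running kernel and userland.

# "14.1-RELEASE-p5" -> "14.1-RELEASE"
base_of() { printf '%s\n' "${1%-p[0-9]*}"; }

# "14.1-RELEASE-p5" -> "5"; a string without a -pN suffix counts as 0.
patch_of() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *)         printf '0\n' ;;
    esac
}

# Arguments: installed-kernel running-kernel userland
# Exit status: 0 consistent, 1 patch-level skew, 2 different base releases.
check_patch_skew() {
    ik=$1; rk=$2; ul=$3; rc=0
    if [ "$(base_of "$ik")" != "$(base_of "$ul")" ] ||
       [ "$(base_of "$rk")" != "$(base_of "$ul")" ]; then
        echo "MIXED-RELEASE: installed=$ik running=$rk userland=$ul"
        return 2
    fi
    ikp=$(patch_of "$ik"); rkp=$(patch_of "$rk"); ulp=$(patch_of "$ul")
    if [ "$rkp" -lt "$ikp" ]; then
        # The kernel on disk is newer than the one that was booted.
        echo "REBOOT-PENDING: running kernel p$rkp, installed kernel p$ikp"
        rc=1
    fi
    if [ "$ikp" -lt "$ulp" ]; then
        # The case reported in this thread: userland at p6, kernel at p5.
        echo "KERNEL-BEHIND-USERLAND: installed kernel p$ikp, userland p$ulp"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "CONSISTENT: all components at p$ulp"
    fi
    return "$rc"
}

# On a FreeBSD host: check_patch_skew $(freebsd-version -kru)
# Sample values as quoted in the thread for the 14.1 machine:
check_patch_skew 14.1-RELEASE-p5 14.1-RELEASE-p5 14.1-RELEASE-p6 || true
```

The function only reports the skew; it does not decide whether the lower kernel patch level means a fix is missing.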