Re: Unable to update to 14.1-p6
- In reply to: Dag-Erling_Smørgrav : "Re: Unable to update to 14.1-p6"
Date: Mon, 18 Nov 2024 15:40:44 UTC
On Mon, Nov 18, 2024 at 3:48 AM Dag-Erling Smørgrav <des@freebsd.org> wrote:

> Kevin Oberman <rkoberman@gmail.com> writes:
> > I am running 14.1-p5 and get a daily message that I have a kernel
> > security vulnerability:
> > Checking for security vulnerabilities in base (userland & kernel):
> > Fetching vuln.xml.xz: .......... done
> > FreeBSD-kernel-14.1_5 is vulnerable:
> > FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
> > CVE: CVE-2024-39281
> > WWW:
> > https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html
>
> It's a false positive. The advisory only affected the ctl driver, which
> is not included in the GENERIC kernel, therefore the kernel itself was
> not updated and does not reflect the patch level.
>
> DES
> --
> Dag-Erling Smørgrav - des@FreeBSD.org

Thanks! This has happened before but I don't recall the warning in the periodic report. It is, indeed, a tricky problem. At least a note in UPDATING when there is a security update to a non-GENERIC module would be a good idea as well as a note in the Security Advisory.

--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683