Date: Wed, 13 Dec 2023 12:24:48 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 275743] Spurious "TCP spoofing vulnerability in pf" warning from 405.pkg-base-audit after updating to 12.4-RELEASE-p9
Message-ID: <bug-275743-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275743

Bug ID: 275743
Summary: Spurious "TCP spoofing vulnerability in pf" warning from 405.pkg-base-audit after updating to 12.4-RELEASE-p9
Product: Base System
Version: 12.4-RELEASE
Hardware: i386
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: misc
Assignee: bugs@FreeBSD.org
Reporter: martin@lispworks.com

Created attachment 247028
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=247028&action=edit
Output from "freebsd-update fetch install" updating to 12.4-RELEASE-p9

Even after using "freebsd-update fetch install" to update to 12.4-RELEASE-p9
(see attached output), the script
/usr/local/etc/periodic/security/405.pkg-base-audit still reports:

Checking for security vulnerabilities in base (userland & kernel):
Fetching vuln.xml.xz: .......... done
FreeBSD-kernel-12.4_6 is vulnerable:
  FreeBSD -- TCP spoofing vulnerability in pf(4)
  CVE: CVE-2023-6534
  WWW: https://vuxml.FreeBSD.org/freebsd/9cbbc506-93c1-11ee-8e38-002590c1f29c.html

I don't see this on amd64 systems. The difference between them seems to be
that the kernel was not updated on this i386 system, so it is still on p6 even
though /boot/kernel/pf.ko was updated.

-- 
You are receiving this mail because:
You are the assignee for the bug.