Date: Sat, 12 Dec 2020 17:19:22 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 251790] security/base-audit: incorrectly reports that 12.2p2 is vuln Message-ID: <bug-251790-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D251790 Bug ID: 251790 Summary: security/base-audit: incorrectly reports that 12.2p2 is vuln Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: dvl@FreeBSD.org CC: 000.fbsd@quip.cz CC: 000.fbsd@quip.cz Flags: maintainer-feedback?(000.fbsd@quip.cz) This is base-audit-0.4 on FreeBSD 12.2 - but it affects other FreeBSD versi= ons as well. This is partly related to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D245878 When kernel and userland do not match, false positives result. Case in poi= nt, this host is: $ freebsd-version -u -k 12.2-RELEASE-p1 12.2-RELEASE-p2 $=20 When running the script: [dan@tallboy:~] $ sudo /usr/local/etc/periodic/security/405.pkg-base-audit= =20 Checking for security vulnerabilities in base (userland & kernel): Host system: Database fetched: Sat Dec 12 16:51:55 UTC 2020 0 problem(s) in 0 installed package(s) found. FreeBSD-12.2_2 is vulnerable: OpenSSL -- NULL pointer de-reference CVE: CVE-2020-1971 WWW: https://vuxml.FreeBSD.org/freebsd/1d56cfc5-3970-11eb-929d-d4c9ef517024.html 1 problem(s) in 1 installed package(s) found. This false positive also arise from jails. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-251790-7788>