Date: Mon, 15 Apr 2024 14:44:03 +0000 From: =?iso-8859-2?Q?Marek_Anio=B3a?= <man130117@outlook.com> To: infoomatic <infoomatic@gmx.at>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: cpu-microcode-intel-20231114 Message-ID: <VI1PR03MB297393B6C7435F7306600593A8092@VI1PR03MB2973.eurprd03.prod.outlook.com> In-Reply-To: <202633d8-b51c-4f8e-8426-f42a8a79c99d@gmx.at> References: <AM5PR03MB296289896D3D652DA041DDC7A8092@AM5PR03MB2962.eurprd03.prod.outlook.com> <202404151356.43FDu3d7023044@higson.cam.lispworks.com> <VI1PR03MB2973A21EFD376EBA669F9275A8092@VI1PR03MB2973.eurprd03.prod.outlook.com> <202633d8-b51c-4f8e-8426-f42a8a79c99d@gmx.at>
index | next in thread | previous in thread | raw e-mail
That helped (I had "quaterly" instead of "latest" in url line of /usr/local/etc/pkg/repos/FreeBSD.conf). Thanks a lot From: owner-freebsd-security@FreeBSD.org <owner-freebsd-security@FreeBSD.org> on behalf of infoomatic <infoomatic@gmx.at> Sent: Monday, April 15, 2024 16:27 To: freebsd-security@freebsd.org <freebsd-security@freebsd.org> Subject: Re: cpu-microcode-intel-20231114 pkg update -f refreshes fetches your package catalogue (latest or quarterly - see /etc/pkg/FreeBSD.conf). After that you should be able to upgrade the package. Regards, Robert On 15.04.24 16:19, Marek Anio³a wrote: > No, it only shows the old version: > > ~ # pkg search cpu-microcode-intel > cpu-microcode-intel-20231114 Intel CPU microcode updates > ~ # > > The latest version (20240312) is not available. > > > > From: Martin Simmons <martin@lispworks.com> > Sent: Monday, April 15, 2024 15:56 > To: Marek Anio³a <man130117@outlook.com> > Cc: freebsd-security@freebsd.org <freebsd-security@freebsd.org> > Subject: Re: cpu-microcode-intel-20231114 > >>>>>> On Mon, 15 Apr 2024 09:09:57 +0000, =?iso-8859-2?Q?Marek Anio=B3a?= said: >> >> As of 13 March 2024. "pkg audit" reports the following vulnerabilities in FreeBSD 13.3-RELEASE-p1: >> >> cpu-microcode-intel-20231114 is vulnerable: >> Intel processors - multiple vulnerabilities >> CVE: CVE-2023-43490 >> CVE: CVE-2023-22655 >> CVE: CVE-2023-28746 >> CVE: CVE-2023-38575 >> CVE: CVE-2023-39368 >> WWW: https://vuxml.FreeBSD.org/freebsd/b6dd9d93-e09b-11ee-92fc-1c697a616631.html >> >> Found 1 issue(s) in 1 installed package(s). >> >> The website https://www.freshports.org/sysutils/cpu-microcode-intel/ shows that an update to the package appeared the day before (2024-03-12), but the BINARY package providing THE UPDATE IS STILL NOT AVAILABLE! >> >> Should this be the case? >> Or, should I update the microcode in some other way? > > pkg search cpu-microcode-intel says the latest version is called > cpu-microcode-intel-20240312. I don't know why these packages have dates in > their names so they don't upgrade automatically.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?VI1PR03MB297393B6C7435F7306600593A8092>