Date: Thu, 6 Apr 2017 10:34:45 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: Security Advisory - release version, user or kernel patch level? Message-ID: <f8170cf9-be25-1bf6-a1ca-97c13a6f54bd@freebsd.org> In-Reply-To: <a3b1b792aec0463256e998d479f8eb06@openmailbox.org> References: <a3b1b792aec0463256e998d479f8eb06@openmailbox.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --IfA6c0w7bUgPO0MsKgBO2sQv4umlkjLKV Content-Type: multipart/mixed; boundary="1xfwK48ETP2EawRPbHCBCxL2D6GbETJsu"; protected-headers="v1" From: Matthew Seaman <matthew@freebsd.org> To: freebsd-questions@freebsd.org Message-ID: <f8170cf9-be25-1bf6-a1ca-97c13a6f54bd@freebsd.org> Subject: Re: Security Advisory - release version, user or kernel patch level? References: <a3b1b792aec0463256e998d479f8eb06@openmailbox.org> In-Reply-To: <a3b1b792aec0463256e998d479f8eb06@openmailbox.org> --1xfwK48ETP2EawRPbHCBCxL2D6GbETJsu Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 04/06/17 09:35, zhaghzhagh@openmailbox.org wrote: > Good morning >=20 > Every now and then I get confused by the version number of security > patches. >=20 > For example: >=20 > https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.as= c: >=20 > ... > Corrected: 2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE) > 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8) > 2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE) > 2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p17)= > ... >=20 > [user@domain ~]$ uname -a > FreeBSD domain.tld 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oc= t > 24 18:47:18 UTC 2016 =20 > root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >=20 > Guesses: >=20 > 1. 'uname' - 'p11' =3D kernel patch level (?) > 2. '10.3-RELEASE-p17' - 'p17' =3D user patch level (?) >=20 > What if there is a security patch that affects only kernel? >=20 > Is it safe in all times to use 'freebsd-version -u' to decide whether m= y > host needs to be updated, upon a security notification is issued? (Don'= t > want to run 'freebsd-update' unnecessarily.) The correct version to look at in terms of freebd-update(8) is always the userland version -- ie. `freebsd-version -u` as you stated. The userland version gets incremented for every set of advisories, whilst the kernel version only changes when there is a security update requiring a new kernel. Thus the kernel version is either the same as the userland or slightly older. Use 'freebsd-version -u' to find the actual userland version -- it's precisely what that command was created for, since 'uname -a' gets its data from what is compiled into the kernel. Cheers, Matthew --1xfwK48ETP2EawRPbHCBCxL2D6GbETJsu-- --IfA6c0w7bUgPO0MsKgBO2sQv4umlkjLKV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAljmC7UACgkQAFE/EOCp 5OfaNxAAkVGmOvKnBE1zwgq63H7Bp6V08vLJY6kN093k8xEPEanTCpqoiEMkWYY4 6PrvC/xJG1oPOD8NbhP3gdfWFuJOXVGL0z94v+MW5MwUGz5FCZMr3AaXDJzVAEBt c6VJtuJfwzDAdlPeAN/SBPFOFsEB/K8pEUlqrD/6ASyMJ7p91hK2eT/oww3FSDHK AB4yQ1zRt6x2c0ByrY0owhrONTSTrDnpvh0dWhlXZr8FngLV1rG4sNS8Sbq4fHwr jAiRTX6+01wCbfnslrMFUBIsWRqdnMnIEu9eo6/fK8/KSJCy/Q4qode54/mNDEIN HfORmgZYwsERGheEVxEvzCg7MyaorCpC7icqdsvmnvU6/8YOYmExTVw6Z2JqhYGy ExjcutANr3x1TmyH4bNw/SMdhFEYnioASTH24dW80kKQNUghm2uOd48LtpCeoNP0 7aBKKi0VqMJd8Flk7iPIEo228roq87Dxey90cxLc1tCIuRVADje7rnk0K8raIhrl lwq0XE2chYHUI4Ck3Ey7gj9udRcCU3vRTRAwaTEaqVR+1qCTytxqboAq4VPj03Pf PsRHMKAS2fGgNAcCAHaZHwEGwgdViR51fT3P4GfftEAewdlwYbnUkMvJpeWcLpaO eT75wUYYJLK5RkRzgzjTli5qglF2ryEc5HOjB7A1Rqrk7UMaE8g= =KOiC -----END PGP SIGNATURE----- --IfA6c0w7bUgPO0MsKgBO2sQv4umlkjLKV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f8170cf9-be25-1bf6-a1ca-97c13a6f54bd>