Date: Mon, 18 Nov 2024 07:40:44 -0800
From: Kevin Oberman <rkoberman@gmail.com>
To: Dag-Erling Smørgrav <des@freebsd.org>
Cc: "freebsd-questions@freebsd.org" <questions@freebsd.org>
Subject: Re: Unable to update to 14.1-p6
Message-ID: <CAN6yY1s9CxbmavJg2zPQ3pxz0cOVMYshwxicArotvpYmq8C8-w@mail.gmail.com>
In-Reply-To: <86serosqxr.fsf@ltc.des.dev>
References: <CAN6yY1stBxS5OVeLpZyzBKn%2B=b_jqFqtRsYM1Zx16OC3DWBu8A@mail.gmail.com> <86serosqxr.fsf@ltc.des.dev>

On Mon, Nov 18, 2024 at 3:48 AM Dag-Erling Smørgrav <des@freebsd.org> wrote:

> Kevin Oberman <rkoberman@gmail.com> writes:
> > I am running 14.1-p5 and get a daily message that I have a kernel
> > security vulnerability:
> > Checking for security vulnerabilities in base (userland & kernel):
> > Fetching vuln.xml.xz: .......... done
> > FreeBSD-kernel-14.1_5 is vulnerable:
> >   FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
> >   CVE: CVE-2024-39281
> >   WWW: https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html
>
> It's a false positive.  The advisory only affected the ctl driver, which
> is not included in the GENERIC kernel, therefore the kernel itself was
> not updated and does not reflect the patch level.
>
> DES
> --
> Dag-Erling Smørgrav - des@FreeBSD.org

Thanks! This has happened before but I don't recall the warning in the
periodic report. It is, indeed, a tricky problem. At least a note in
UPDATING when there is a security update to a non-GENERIC module would be a
good idea as well as a note in the Security Advisory.
-- 
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
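
Added example, not part of the original message or of FreeBSD's own tooling: a small sh check for the situation described in the thread, where the installed kernel's patch level stays behind userland because an advisory touched only a driver outside GENERIC. The verdict names, the function names, and the use of `kldstat -q -m ctl` to test whether the driver is present are assumptions of this example.

```shell
#!/bin/sh
# Triage a "FreeBSD-kernel-X.Y_N is vulnerable" line from the periodic report.
# Version strings are in freebsd-version(1) form, e.g. 14.1-RELEASE-p5.

# patch_level VERSION -> numeric patch level (0 when there is no -pN suffix)
patch_level() {
    case "$1" in
        *-p[0-9]*) echo "${1##*-p}" ;;
        *)         echo 0 ;;
    esac
}

# triage KERNEL_VER USERLAND_VER DRIVER_LOADED(yes|no) -> one-word verdict
#   release-mismatch          kernel and userland are different releases
#   in-sync                   kernel patch level is not behind userland
#   driver-in-use             kernel lags and the flagged driver is present:
#                             check the advisory before dismissing the alert
#   kernel-lags-driver-absent kernel lags but the flagged driver is not
#                             present: the false-positive case in the thread
triage() {
    k=$(patch_level "$1")
    u=$(patch_level "$2")
    if [ "${1%%-p[0-9]*}" != "${2%%-p[0-9]*}" ]; then
        echo release-mismatch
    elif [ "$k" -ge "$u" ]; then
        echo in-sync
    elif [ "$3" = yes ]; then
        echo driver-in-use
    else
        echo kernel-lags-driver-absent
    fi
}

# Live check; runs only where freebsd-version(1) exists.
if command -v freebsd-version >/dev/null 2>&1; then
    kern=$(freebsd-version -k)   # installed kernel
    user=$(freebsd-version -u)   # installed userland
    # Assumption: the driver registers a kernel module named "ctl".
    if kldstat -q -m ctl 2>/dev/null; then loaded=yes; else loaded=no; fi
    echo "kernel=$kern userland=$user ctl_loaded=$loaded" \
         "verdict=$(triage "$kern" "$user" "$loaded")"
fi
```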