From nobody Mon Nov 18 15:40:44 2024
X-Original-To: questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XsX0K3MJqz5dFZL
	for <questions@mlmmj.nyi.freebsd.org>; Mon, 18 Nov 2024 15:41:05 +0000 (UTC)
	(envelope-from kob6558@gmail.com)
Received: from mail-yw1-x1129.google.com (mail-yw1-x1129.google.com [IPv6:2607:f8b0:4864:20::1129])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4XsX0K1hdGz4lyT;
	Mon, 18 Nov 2024 15:41:05 +0000 (UTC)
	(envelope-from kob6558@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-yw1-x1129.google.com with SMTP id 00721157ae682-6e5e5c43497so22775197b3.3;
        Mon, 18 Nov 2024 07:41:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1731944463; x=1732549263; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=CpoDX2sVwXvmgXAhmDdDxDl8e4WT9DH07b0xsJ5ShQI=;
        b=K75irmpI1qG8O1y0zaObGvYu7XJapm4CYs14G9E+uBEB3KBBm93uBT7sgY4PmDr0aE
         s2EgXVY59En5oKjgKSmW8MCWBnLTdqJquheePhOEMZkutxU4cNNxHHIvYFcAe7ZbKBE2
         Ls0vuFD/tSYexEp5ZXakkAayHtDe4U73QgKnF7EL5WIbzz6S0Rq/3v0mCN2BfHDq03o2
         6AOrvSMcEzyggf3bUzaS7LMoYgeYkvijDWWc9fFs2C+uETRm+H/GT3ZTmaDxG0HMnpFJ
         3sO4dRaCWoKX4JY0DQtITP3xbF/Tf7Z745JZlM0GY0DPuSU+BwSTNAbzXipfhBiudTIP
         uM0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1731944463; x=1732549263;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=CpoDX2sVwXvmgXAhmDdDxDl8e4WT9DH07b0xsJ5ShQI=;
        b=nMI4UxGUy9sT1VHVKRBBFD/IE3VkZHrwlCsSOIBYFLna48do8WwNjdbfhJPKe7XpA0
         tmNIUUfCrSpsi2tGmqGi0rw/w78us/kxCiuy+ljyI+6d+Rrlz3UxZNoKKD8VNbIX+UNP
         l/MDYQTCSqqigRlqy9HUn2pb9vcO4jOJzJst/tktbgR7tHPoIoAT82cggAyC/sgHIagp
         27YxZO26DgsMgsIA4AhcN2iAxiDIxUT0dPniweQuoPkbFRQZ6fNJ72g0j1T+tJnvQb7s
         sGYDmvAcKb0q1uMQYBQZv4ZUINDg20VBTdfZndwurNNc5e4cIFwvfdZNdWb2bAUY12nU
         re/A==
X-Gm-Message-State: AOJu0YzIXLQ+/Eqpd+KwnieuuFquY5R0LmvF0nFqbn0sxqokj3AshHsQ
	vU4F3dcFwSvHy47jEgZZPh5E3HG3tByIIOqf0zDows3Z3CAQUrS+kL+eYRj9FBpgekUNrhoIu5M
	PRUhxX6LC8QH3zU/rniPTPtreJA3wVmgP
X-Google-Smtp-Source: AGHT+IEcIhHR8A9d8u5RHtniAXlJmicr5h26WFNc1wNPTh5UxmMGIBFCxEGbzVp0GKcWdVfwy/V1Zo1J2jsThxPCE9Y=
X-Received: by 2002:a05:690c:fd4:b0:6ea:1f5b:1f64 with SMTP id
 00721157ae682-6ee558ca9f5mr112316417b3.0.1731944463259; Mon, 18 Nov 2024
 07:41:03 -0800 (PST)
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
Sender: owner-freebsd-questions@FreeBSD.org
MIME-Version: 1.0
References: <CAN6yY1stBxS5OVeLpZyzBKn+=b_jqFqtRsYM1Zx16OC3DWBu8A@mail.gmail.com>
 <86serosqxr.fsf@ltc.des.dev>
In-Reply-To: <86serosqxr.fsf@ltc.des.dev>
From: Kevin Oberman <rkoberman@gmail.com>
Date: Mon, 18 Nov 2024 07:40:44 -0800
Message-ID: <CAN6yY1s9CxbmavJg2zPQ3pxz0cOVMYshwxicArotvpYmq8C8-w@mail.gmail.com>
Subject: Re: Unable to update to 14.1-p6
To: =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@freebsd.org>
Cc: "freebsd-questions@freebsd.org" <questions@freebsd.org>
Content-Type: multipart/alternative; boundary="00000000000080e512062731bed2"
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Queue-Id: 4XsX0K1hdGz4lyT
X-Spamd-Bar: ----

--00000000000080e512062731bed2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Nov 18, 2024 at 3:48=E2=80=AFAM Dag-Erling Sm=C3=B8rgrav <des@freeb=
sd.org> wrote:

> Kevin Oberman <rkoberman@gmail.com> writes:
> > I am running 14.1-p5 and get a daily message that I have a kernel
> security vulnerability:
> > Checking for security vulnerabilities in base (userland & kernel):
> > Fetching vuln.xml.xz: .......... done
> > FreeBSD-kernel-14.1_5 is vulnerable:
> >   FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
> >   CVE: CVE-2024-39281
> >   WWW:
> https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.ht=
ml
>
> It's a false positive.  The advisory only affected the ctl driver, which
> is not included in the GENERIC kernel, therefore the kernel itself was
> not updated and does not reflect the patch level.
>
> DES
> --
> Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org
>

Thanks! This has happened before but I don't recall the warning in the
periodic report. It is, indeed, a tricky problem. At least a note in
UPDATING when there is a security update to a non-GENERIC module would be a
good idea as well as a note in the Security Advisory.
--=20
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

--00000000000080e512062731bed2
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon=
t-family:tahoma,sans-serif;font-size:small">On Mon, Nov 18, 2024 at 3:48=E2=
=80=AFAM Dag-Erling Sm=C3=B8rgrav &lt;<a href=3D"mailto:des@freebsd.org" ta=
rget=3D"_blank">des@freebsd.org</a>&gt; wrote:</div><div class=3D"gmail_quo=
te"><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bor=
der-left:1px solid rgb(204,204,204);padding-left:1ex">Kevin Oberman &lt;<a =
href=3D"mailto:rkoberman@gmail.com" target=3D"_blank">rkoberman@gmail.com</=
a>&gt; writes:<br>
&gt; I am running 14.1-p5 and get a daily message that I have a kernel secu=
rity vulnerability:<br>
&gt; Checking for security vulnerabilities in base (userland &amp; kernel):=
<br>
&gt; Fetching vuln.xml.xz: .......... done<br>
&gt; FreeBSD-kernel-14.1_5 is vulnerable:<br>
&gt; =C2=A0 FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer<br>
&gt; =C2=A0 CVE: CVE-2024-39281<br>
&gt; =C2=A0 WWW: <a href=3D"https://vuxml.FreeBSD.org/freebsd/8caa5d60-a174=
-11ef-9a62-002590c1f29c.html" rel=3D"noreferrer" target=3D"_blank">https://=
vuxml.FreeBSD.org/freebsd/8caa5d60-a174-11ef-9a62-002590c1f29c.html</a><br>
<br>
It&#39;s a false positive.=C2=A0 The advisory only affected the ctl driver,=
 which<br>
is not included in the GENERIC kernel, therefore the kernel itself was<br>
not updated and does not reflect the patch level.<br>
<br>
DES<br>
-- <br>
Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org<br>
</blockquote></div><div><br clear=3D"all"></div><div style=3D"font-family:t=
ahoma,sans-serif;font-size:small" class=3D"gmail_default">Thanks! This has =
happened before but I don&#39;t recall the warning in the periodic report. =
It is, indeed, a tricky problem. At least a note in UPDATING when there is =
a security update to a non-GENERIC module would be a good idea as well as a=
 note in the Security Advisory.<br></div><span class=3D"gmail_signature_pre=
fix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature"><div dir=3D"l=
tr"><div><div dir=3D"ltr"><div><div dir=3D"ltr"><div><div dir=3D"ltr">Kevin=
 Oberman, Part time kid herder and retired Network Engineer<br>E-mail: <a h=
ref=3D"mailto:rkoberman@gmail.com" target=3D"_blank">rkoberman@gmail.com</a=
><br></div><div>PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683</=
div></div></div></div></div></div></div></div></div>
</div>

--00000000000080e512062731bed2--