From: Dan Langille
Subject: after latest patches i386 not fully patched
Date: Thu, 17 Sep 2020 18:28:59 -0400
To: freebsd-stable@freebsd.org

Hello,

After running 'freebsd-update fetch install' on a i386 server, I have this situation:

[dan@gelt:~] $ freebsd-version -u
12.1-RELEASE-p10
[dan@gelt:~] $ freebsd-version -k
12.1-RELEASE-p9
[dan@gelt:~] $

Why did this not get a new kernel?

I ask because:

[dan@gelt:~] $ sudo /usr/local/etc/periodic/security/405.pkg-base-audit

Checking for security vulnerabilities in base (userland & kernel):
Host system:
Database fetched: Wed Sep 16 07:06:52 UTC 2020
FreeBSD-kernel-12.1_9 is vulnerable:
FreeBSD -- bhyve SVM guest escape
CVE: CVE-2020-7467
WWW: https://vuxml.FreeBSD.org/freebsd/e73c688b-f7e6-11ea-88f8-901b0ef719ab.html

FreeBSD-kernel-12.1_9 is vulnerable:
FreeBSD -- bhyve privilege escalation via VMCS access
CVE: CVE-2020-24718
WWW: https://vuxml.FreeBSD.org/freebsd/2c5b9cd7-f7e6-11ea-88f8-901b0ef719ab.html

FreeBSD-kernel-12.1_9 is vulnerable:
FreeBSD -- ure device driver susceptible to packet-in-packet attack
CVE: CVE-2020-7464
WWW: https://vuxml.FreeBSD.org/freebsd/bb53af7b-f7e4-11ea-88f8-901b0ef719ab.html

3 problem(s) in 1 installed package(s) found.
0 problem(s) in 0 installed package(s) found.

Oh, let's try again:

[dan@slocum:~] $ sudo freebsd-update fetch install
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 12.1-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 12.1-RELEASE-p10.
No updates are available to install.
[dan@slocum:~] $

I've done everything I can.

How do I properly patch this i386 server?

For those wondering what I just ran:

[dan@gelt:~] $ pkg which /usr/local/etc/periodic/security/405.pkg-base-audit
/usr/local/etc/periodic/security/405.pkg-base-audit was installed by package base-audit-0.4
[dan@gelt:~] $

on an amd64 host I have:

[dan@slocum:~] $ freebsd-version -u
12.1-RELEASE-p10
[dan@slocum:~] $ freebsd-version -k
12.1-RELEASE-p10

— 
Dan Langille
http://langille.org/