pkg audit disagrees with pkg upgrade ???
edflecko .
edflecko at gmail.com
Tue May 6 20:27:12 UTC 2014
I'm checking to see if I need to upgrade any installed packages. pkg audit
-F says I have three vulnerabilities, but when I run pkg upgrade -y, it
thinks everything is O.K. (see below)
Why the discrepancy? Which one should I believe?
fbsd_box# pkg audit -F
Vulnxml file up-to-date.
linux-f10-expat-2.0.1 is vulnerable:
expat2 -- Parser crash with specially formatted UTF-8 sequences
CVE: CVE-2009-3720
WWW: http://portaudit.FreeBSD.org/5f030587-e39a-11de-881e-001aa0166822.html
linux-f10-png-1.2.37_2 is vulnerable:
png -- memory corruption/possible remote code execution
CVE: CVE-2011-3048
WWW: http://portaudit.FreeBSD.org/262b92fe-81c8-11e1-8899-001ec9578670.html
linux-f10-tiff-3.8.2 is vulnerable:
tiff -- Multiple integer overflows
CVE: CVE-2009-2347
WWW: http://portaudit.FreeBSD.org/8816bf3a-7929-11df-bcce-0018f3e2eb82.html
3 problem(s) in the installed packages found.
fbsd_box# pkg upgrade -y
Updating repository catalogue
Nothing to do
Ed
More information about the freebsd-questions
mailing list