Dealing with (multiple) pkgs with security vulnerabilities.

Herbert J. Skuhra herbert at
Sun Nov 27 09:17:54 UTC 2016

Odhiambo Washington wrote:
> Hi,
> Part of my security run output contains a long list of packages with
> vulnerabilities.
> 'pkg audit -F' returns a listing of these pkgs with enough details, but
>  pkg update && pkg upgrade returns nothing so I suppose there is a better
> way to deal with these.

Output of 'uname -a' is missing.

- you are running a version that is EOL (e.g.: FreeBSD 8.x)
  => update base first and then try pkg update/upgrade again
- you are running a platform (e.g. arm) for which packages are not built/updated
- the url in your repository file (e.g. /etc/pkg/FreeBSD.conf) is wrong

> I know I can manually do 'make -C /path/to/port/directory clean reinstall
> clean', but that is so manual and tirng even just for 10 pkgs to be updated.
> What is the easiest way of doing a batch update for all the listed pkgs?

- checkout/update /usr/ports with svn(lite) or portsnap
- install ports-mgmt/portmaster
- run 'portmaster -a'

You haven't updated for a long time (more than a year). So maybe it's
better to remove all installed ports (pkg delete -a) and reinstall
them one by one.


More information about the freebsd-questions mailing list