Dealing with (multiple) pkgs with security vulnerabilities.
odhiambo at gmail.com
Sun Nov 27 09:45:40 UTC 2016
On 27 November 2016 at 12:11, Herbert J. Skuhra <herbert at mailbox.org> wrote:
> Odhiambo Washington wrote:
> > Hi,
> > Part of my security run output contains a long list of packages with
> > vulnerabilities.
> > 'pkg audit -F' returns a listing of these pkgs with enough details, but
> > pkg update && pkg upgrade returns nothing so I suppose there is a better
> > way to deal with these.
> Output of 'uname -a' is missing.
Yeah, I am sorry I didn't supply that. I forgot.
> - you are running a version that is EOL (e.g.: FreeBSD 8.x)
That is so true!! But I also have some servers running 9.3 and 10.3. Would
it be different dealing with this situation in 9.3|10.3 ??
> => update base first and then try pkg update/upgrade again
> - you are running a platform (e.g. arm) for which packages are not
> - the url in your repository file (e.g. /etc/pkg/FreeBSD.conf) is wrong
> > I know I can manually do 'make -C /path/to/port/directory clean reinstall
> > clean', but that is so manual and tirng even just for 10 pkgs to be
> > What is the easiest way of doing a batch update for all the listed pkgs?
> - checkout/update /usr/ports with svn(lite) or portsnap
I use portsnap.
> - install ports-mgmt/portmaster
I use portupgrade.
> - run 'portmaster -a'
So, `portupgrade -1` ??
Okay. I always find that scary. I guess I have to upgrade these systems to
10.3, or maybe 11.
> You haven't updated for a long time (more than a year). So maybe it's
> better to remove all installed ports (pkg delete -a) and reinstall
> them one by one.
Sounds sensibe, but I usually just update the ports that I know as most
active - those for which the server was build.
Anyway, I get the point now.
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
More information about the freebsd-questions