Security Advisory - release version, user or kernel patch level?

Matthew Seaman matthew at FreeBSD.org
Thu Apr 6 09:34:51 UTC 2017 

On 04/06/17 09:35, zhaghzhagh at openmailbox.org wrote:
> Good morning
> 
> Every now and then I get confused by the version number of security
> patches.
> 
> For example:
> 
> https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc:
> 
> ...
> Corrected:      2017-01-26 19:14:14 UTC (stable/11, 11.0-STABLE)
>                 2017-02-23 07:11:48 UTC (releng/11.0, 11.0-RELEASE-p8)
>                 2017-01-27 07:45:06 UTC (stable/10, 10.3-STABLE)
>                 2017-02-23 07:12:18 UTC (releng/10.3, 10.3-RELEASE-p17)
> ...
> 
> [user at domain ~]$ uname -a
> FreeBSD domain.tld 10.3-RELEASE-p11 FreeBSD 10.3-RELEASE-p11 #0: Mon Oct
> 24 18:47:18 UTC 2016    
> root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
> 
> Guesses:
> 
> 1. 'uname' - 'p11' = kernel patch level (?)
> 2. '10.3-RELEASE-p17' - 'p17' = user patch level (?)
> 
> What if there is a security patch that affects only kernel?
> 
> Is it safe in all times to use 'freebsd-version -u' to decide whether my
> host needs to be updated, upon a security notification is issued? (Don't
> want to run 'freebsd-update' unnecessarily.)

The correct version to look at in terms of freebd-update(8) is always
the userland version -- ie. `freebsd-version -u` as you stated.

The userland version gets incremented for every set of advisories,
whilst the kernel version only changes when there is a security update
requiring a new kernel.  Thus the kernel version is either the same as
the userland or slightly older.

Use 'freebsd-version -u' to find the actual userland version -- it's
precisely what that command was created for, since 'uname -a' gets its
data from what is compiled into the kernel.

	Cheers,

	Matthew





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20170406/b833339b/attachment.sig>

More information about the freebsd-questions mailing list