Created
January 21, 2015 17:55
old pkg and new pkg give different results for pkg audit
$ sudo pkg info -r libevent
libevent-1.4.14b_3:
tmux-1.9.a_1
$ sudo pkg audit -F
Vulnxml file up-to-date.
libevent-1.4.14b_3 is vulnerable:
libevent -- integer overflow in evbuffers
CVE: CVE-2014-6272
WWW: http://portaudit.FreeBSD.org/daa8a49b-99b9-11e4-8f66-3085a9a4510d.html
1 problem(s) in the installed packages found.
$ sudo pkg upgrade
Updating repository catalogue
New version of pkg detected; it needs to be installed first.
Upgrades have been requested for the following 1 packages:
Upgrading pkg: 1.2.7_4 -> 1.3.8_1 [vrt]
The upgrade will require 1 MB more space
2 MB to be downloaded
Proceed with upgrading packages [y/N]: y
pkg-1.3.8_1.txz 100% 1992KB 2.0MB/s 2.0MB/s 00:00
Checking integrity... done
[1/1] Upgrading pkg from 1.2.7_4 to 1.3.8_1... done
If you are upgrading from the old package format, first run:
# pkg2ng
Updating vrt repository catalogue...
pkg: Repo "vrt" upgrade schema 2006 to 2007: Add conflicts and provides
pkg: Repo "vrt" upgrade schema 2007 to 2008: Add FTS index
pkg: Repo "vrt" upgrade schema 2008 to 2009: Optimize indicies
pkg: Repo "vrt" upgrade schema 2009 to 2010: Add legacy digest field
vrt repository is up-to-date.
All repositories are up-to-date.
Updating database digests format: 100%
Checking for upgrades (37 candidates): 100%
The following 33 packages will be affected (of 0 checked):
New packages to be INSTALLED:
libevent2: 2.0.22
indexinfo: 0.2
nano: 2.2.6
Installed packages to be UPGRADED:
zsh: 5.0.5 -> 5.0.6_1
libiconv: 1.14_3 -> 1.14_4
python27: 2.7.6_4 -> 2.7.8_5
glib: 2.36.3_2 -> 2.36.3_4
perl5: 5.16.3_9 -> 5.16.3_11
vrtbase: 1.1_1 -> 1.2
tmux: 1.9.a_1 -> 1.9.a_2
screen: 4.2.1_1 -> 4.2.1_3
msktutil: 0.5.1_1 -> 0.5.1_2
openldap-sasl-client: 2.4.39 -> 2.4.39_2
cyrus-sasl: 2.1.26_7 -> 2.1.26_9
sudo: 1.8.10.p3 -> 1.8.10.p3_1
nss-pam-ldapd-sasl: 0.8.14 -> 0.8.14_2
cfengine33: 3.3.8_5 -> 3.3.8_6
pcre: 8.34_1 -> 8.35
tshark: 1.10.7 -> 1.12.1_1
GeoIP: 1.4.8_3 -> 1.6.2_1
libsmi: 0.4.8 -> 0.4.8_1
adns: 1.4_1 -> 1.4_2
libffi: 3.0.13_1 -> 3.0.13_2
postfix: 2.11.1,1 -> 2.11.1_4,1
bash: 4.3.11_2 -> 4.3.30
ca_root_nss: 3.16 -> 3.17.1
rsync: 3.1.0_3 -> 3.1.1_3
net-snmp: 5.7.2_9 -> 5.7.2_16
vim-lite: 7.4.295 -> 7.4.430
pfqueue: 0.5.6 -> 0.5.6_1
openbsm-devel: 1.2.a3_2 -> 1.2.a3_5
Installed packages to be REINSTALLED:
gettext-0.18.3.1_1 (direct dependency changed)
tokyocabinet-1.4.48 (needed shared library changed)
The process will require 717 kB more space.
62 MB to be downloaded.
Proceed with this action? [y/N]: n
$ sudo pkg audit
bash-4.3.11_2 is vulnerable:
bash -- out-of-bounds memory access in parser
CVE: CVE-2014-7187
CVE: CVE-2014-7186
WWW: http://portaudit.FreeBSD.org/4a4e9f88-491c-11e4-ae2c-c80aa9043978.html
bash-4.3.11_2 is vulnerable:
bash -- remote code execution vulnerability
CVE: CVE-2014-7169
CVE: CVE-2014-6271
WWW: http://portaudit.FreeBSD.org/71ad81da-4414-11e4-a33e-3c970e169bc2.html
bash-4.3.11_2 is vulnerable:
bash -- remote code execution
CVE: CVE-2014-6278
CVE: CVE-2014-6277
WWW: http://portaudit.FreeBSD.org/512d1301-49b9-11e4-ae2c-c80aa9043978.html
libevent-1.4.14b_3 is vulnerable:
libevent -- integer overflow in evbuffers
CVE: CVE-2014-6272
WWW: http://portaudit.FreeBSD.org/daa8a49b-99b9-11e4-8f66-3085a9a4510d.html
2 problem(s) in the installed packages found.