Sujet : 14.1-RELEASE-p6 kernel same as -p5? De : wbe (at) *nospam* UBEBLOCK.psr.com.invalid (Winston) Groupes :comp.unix.bsd.freebsd.misc Date : 25. Nov 2024, 18:21:12 Autres entêtes Organisation : A noiseless patient Spider Message-ID :<ydcyij44c7.fsf@UBEblock.psr.com> User-Agent : Gnus/5.13 (Gnus v5.13)
I used freebsd-update to binary upgrade an amd64 system running 14.1-RELEASE-p5 GENERIC to -p6. Doing so observably updated /boot/kernel/ctl.ko, presumably fixing CVE-2024-45289 (the ctl unbounded allocation problem).
However, I see that /boot/kernel/kernel itself did not change: it is the same as /boot/kernel.old/kernel in both content and date and thus contains the string 14.1-RELEASE-p5.
The system has been rebooted.
Despite the upgrade and reboot, and likely because 'kernel' itself is unchanged, the nightly pkg audit test of the kernel still reports:
FreeBSD-kernel-14.1_5 is vulnerable: FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer
So, my question is: Should the kernel have changed?
'freebsd-update IDS' says the SHA256 hash is wrong, but that's maybe to be expected when comparing a built-from-scratch -p6 kernel with the -p5 kernel if freebsd-update figured it didn't need to be updated.
14.1-RELEASE-p6 kernel same as -p5?