Using FreeBSD Update to Patch FreeBSD

When the FreeBSD Security team released an advisory for fetch(1), I knew I could turn to Colin Percival's FreeBSD Update for binary security upgrades.

Installation is simple. Here's how to install via package:

pkg_add -vr freebsd-update
mkdir /usr/local/freebsd-update
cp /usr/local/etc/freebsd-update.conf.sample /usr/local/etc/freebsd-update.conf

Here is how FreeBSD Update patched the fetch(1) vulnerability:

orr:/root# freebsd-update fetch
Fetching public key...
Fetching updates signature...
Fetching updates...
Fetching hash list signature...
Fetching hash list...
Examining local system...
Fetching updates...
/usr/bin/fetch...
Updates fetched

To install these updates, run: '/usr/local/sbin/freebsd-update install'
orr:/root# freebsd-update install
Backing up /usr/bin/fetch...
Installing new /usr/bin/fetch...


That's it. I didn't need to CVSup to STABLE or manually patch the fetch(1) binary. FreeBSD Update handled it, and with the change being to userland, no reboot is necessary.
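
To confirm from a saved session log that every file FreeBSD Update fetched was also installed, a short sh function can be run over the transcript. This is an added example, not part of the original post or of FreeBSD Update; it assumes the output format shown in the session above, and check_transcript and sample_session are hypothetical names.

```sh
#!/bin/sh
# Added example: audit a saved freebsd-update session.
# Assumption: output looks like the session in the post (a bare path plus
# "..." for each fetched file, "Installing new <path>..." for each install).

# Reads a transcript on stdin and prints "<path> installed" or
# "<path> MISSING" for each fetched file.
# Exit status: 0 = all installed, 1 = something missing, 2 = nothing fetched.
check_transcript() {
    awk '
        # Fetched file: an absolute path followed by "..."
        /^\/.*\.\.\.$/ {
            p = $0; sub(/\.\.\.$/, "", p)
            if (!(p in fetched)) { fetched[p] = 1; order[++n] = p }
            next
        }
        # Installed file: "Installing new <path>..."
        /^Installing new \/.*\.\.\.$/ {
            p = $0; sub(/^Installing new /, "", p); sub(/\.\.\.$/, "", p)
            installed[p] = 1
            next
        }
        END {
            if (n == 0) { print "no fetched files found"; exit 2 }
            rc = 0
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (p in installed) print p, "installed"
                else { print p, "MISSING"; rc = 1 }
            }
            exit rc
        }
    '
}

# Sample input: the relevant lines of the session shown in the post.
sample_session() {
    cat <<'EOF'
orr:/root# freebsd-update fetch
Fetching updates...
/usr/bin/fetch...
Updates fetched
To install these updates, run: '/usr/local/sbin/freebsd-update install'
orr:/root# freebsd-update install
Backing up /usr/bin/fetch...
Installing new /usr/bin/fetch...
EOF
}

sample_session | check_transcript
```

A non-zero exit status means the log shows a fetched file with no matching install line, which is worth checking against the advisory's list of affected files.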
