• 14.1-RELEASE-p6 kernel same as -p5?

    From Winston@21:1/5 to All on Mon Nov 25 12:21:12 2024
    I used freebsd-update to binary upgrade an amd64 system running
    14.1-RELEASE-p5 GENERIC to -p6. Doing so observably updated
    /boot/kernel/ctl.ko, presumably fixing CVE-2024-45289 (the ctl
    unbounded allocation problem).

    However, I see that /boot/kernel/kernel itself did not change:
    it is the same as /boot/kernel.old/kernel in both content and date
    and thus contains the string 14.1-RELEASE-p5.

    The system has been rebooted.

    Despite the upgrade and reboot, and likely because 'kernel' itself is
    unchanged, the nightly pkg audit test of the kernel still reports:

    FreeBSD-kernel-14.1_5 is vulnerable:
    FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer

    So, my question is: Should the kernel have changed?

    'freebsd-update IDS' says the SHA256 hash is wrong, but that's maybe to
    be expected when comparing a built-from-scratch -p6 kernel with the -p5
    kernel if freebsd-update figured it didn't need to be updated.

    TIA,
    -WBE
