Possible vulnerability in 'ping'


MWareman
Go to solution Solved by Michel Kohanim,

Posted (edited)

Looks like this vulnerability was corrected in the repositories last month, so it's very likely your Polisy OS is fixed if you've clicked on the "Upgrade Packages" button after the correction date below of 2022-11-29:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-22:15.ping                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Stack overflow in ping(8)

Category:       core
Module:         ping
Announced:      2022-11-29
Credits:        Tom Jones
Affects:        All supported versions of FreeBSD.
Corrected:      2022-11-29 22:56:33 UTC (stable/13, 13.1-STABLE)
                2022-11-29 23:00:43 UTC (releng/13.1, 13.1-RELEASE-p5)
                2022-11-29 22:57:16 UTC (stable/12, 12.4-STABLE)
                2022-11-29 23:19:09 UTC (releng/12.4, 12.4-RC2-p2)
                2022-11-29 23:16:17 UTC (releng/12.3, 12.3-RELEASE-p10)
CVE Name:       CVE-2022-23093

EDIT: For what it's worth, from a quick look at the files on my Polisy at '/usr/local/etc/pkg/repos', it appears that my Polisy is getting updated files from both the FreeBSD project and UDI-specific repos. My guess is that UDI maintains a FreeBSD mirror as well as having a repository for their own software.

This should mean that any updated packages from the FreeBSD maintainers should be passed along to Polisy users in relatively short order, provided users update their machines.

Edited by Bumbershoot
  • Like 1
  • Thanks 1
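
As an added example (not part of the original post, and not UDI's or the FreeBSD project's tooling), this sh function compares a userland version string, as printed by `freebsd-version -u`, against the "Corrected:" release lines in the advisory excerpt above. The function names and status words are assumptions made for illustration; -STABLE builds are corrected by commit date rather than patch level, so they are flagged for a manual check.

```shell
#!/bin/sh
# Added example: classify a FreeBSD userland version against the
# "Corrected:" lines of FreeBSD-SA-22:15.ping quoted above.

# Release kind and minimum patch level per branch, copied from the advisory
# excerpt. Prints nothing for a branch the excerpt does not list.
sa_min_patch() {
    case "$1" in
        13.1) echo "RELEASE 5" ;;
        12.4) echo "RC2 2" ;;
        12.3) echo "RELEASE 10" ;;
    esac
}

# Usage: ping_sa_status 13.1-RELEASE-p3
# Prints one of: patched, vulnerable, check-date, not-listed
ping_sa_status() {
    ver=$1
    branch=${ver%%-*}      # 13.1
    rest=${ver#*-}         # RELEASE-p3, RELEASE, STABLE, RC2-p1
    kind=${rest%%-*}       # RELEASE, STABLE, RC2
    case "$rest" in
        *-p[0-9]*) patch=${rest##*-p} ;;
        *)         patch=0 ;;          # no -pN suffix means patch level 0
    esac
    case "$patch" in
        ''|*[!0-9]*) echo not-listed; return 0 ;;
    esac
    # stable/12 and stable/13 were fixed by commit timestamp, which the
    # version string does not encode.
    if [ "$kind" = STABLE ]; then echo check-date; return 0; fi
    min=$(sa_min_patch "$branch")
    if [ -z "$min" ]; then echo not-listed; return 0; fi
    want_kind=${min% *}
    want_patch=${min#* }
    if [ "$kind" != "$want_kind" ]; then echo not-listed; return 0; fi
    if [ "$patch" -ge "$want_patch" ]; then echo patched; else echo vulnerable; fi
}

# On a FreeBSD host, report the installed userland (ping is a userland binary).
if command -v freebsd-version >/dev/null 2>&1; then
    v=$(freebsd-version -u)
    echo "$v: $(ping_sa_status "$v")"
fi
```

A result of `not-listed` means the branch or release kind is not in the excerpt, so the full advisory has to be consulted.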
Posted
On 12/14/2022 at 1:05 PM, Michel Kohanim said:

@MWareman, yes, 13.1p5 has already fixed it (released last week).

To upgrade please use the Admin Console.

With kind regards,
Michel

Update appears to be failing. Spinning up many, (pages of them!).

polyglot 2233   0.0  1.1  84736  44796  -  I    23:24    0:11.20 python3 ./elk-poly.py (python3.9)
root     2919   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2921   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2923   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2925   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2928   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2930   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2932   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2982   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2984   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2986   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2988   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2990   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3032   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3054   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3056   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3058   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3060   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3062   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3064   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3066   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3068   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3070   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3072   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3074   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3076   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3078   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3080   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3082   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3084   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3086   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3088   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3090   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3092   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3094   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3096   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3098   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3100   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3103   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3106   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3109   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3112   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3115   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3118   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3120   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3122   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3124   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3126   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3128   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3130   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3132   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3134   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3136   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3138   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y


Finding the log - appears to not be able to update anything because pkg needs updating first - but it's not updating pkg first. (!)
 

New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.

 

Posted
6 hours ago, MWareman said:

Update appears to be failing. Spinning up many, (pages of them!).


See (to fix)

 

  • Like 1
Posted
57 minutes ago, larryllix said:

See (to fix)

 

Thank you!  Fixed it for me as well...

  • Like 1
Posted
3 minutes ago, MWareman said:

Thank you!  Fixed it for me as well...

Yeah @Michel Kohanim reported they found the initial update process was flawed and was fixing it. Sure caused some commotion here for me for a night though.

  • Like 1
Guest
This topic is now closed to further replies.
