MWareman Posted December 12, 2022

I believe Polisy is based on FreeBSD. As such, the recently revealed vulnerability in 'ping' may well affect it. Is this on the UDI team's radar to test for and mitigate?

https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html

Thank you!

larryllix Posted December 12, 2022

8 hours ago, MWareman said: I believe Polisy is based on FreeBSD. As such, the recently revealed vulnerability in 'ping' may well affect it. Is this on the UDI team's radar to test for and mitigate? https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html Thank you!

@Michel Kohanim

Bumbershoot Posted December 12, 2022

Looks like this vulnerability was corrected in the repositories last month, so it's very likely your Polisy OS is fixed if you've clicked on the "Upgrade Packages" button after the correction date below of 2022-11-29:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-22:15.ping Security Advisory
The FreeBSD Project

Topic: Stack overflow in ping(8)
Category: core
Module: ping
Announced: 2022-11-29
Credits: Tom Jones
Affects: All supported versions of FreeBSD.
Corrected: 2022-11-29 22:56:33 UTC (stable/13, 13.1-STABLE)
           2022-11-29 23:00:43 UTC (releng/13.1, 13.1-RELEASE-p5)
           2022-11-29 22:57:16 UTC (stable/12, 12.4-STABLE)
           2022-11-29 23:19:09 UTC (releng/12.4, 12.4-RC2-p2)
           2022-11-29 23:16:17 UTC (releng/12.3, 12.3-RELEASE-p10)
CVE Name: CVE-2022-23093

EDIT: For what it's worth, from a quick look at the files on my Polisy at '/usr/local/etc/pkg/repos', it appears that my Polisy is getting updated files from both the FreeBSD project and UDI specific repos. My guess is that UDI maintains a FreeBSD mirror as well as having a repository for their own software. This should mean that any updated packages from the FreeBSD maintainers should be passed along to Polisy users in relatively short order, provided users update their machines.

Edited December 12, 2022 by Bumbershoot

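An added example, not part of the thread and not UDI or FreeBSD tooling: a small shell check that classifies a FreeBSD userland version string against the releng "Corrected:" entries quoted from FreeBSD-SA-22:15.ping above. The function names are made up for this illustration, and anything the excerpt does not list (including -STABLE builds, which are fixed by date rather than patch level) is reported as unknown.

```sh
#!/bin/sh
# Added example (hypothetical helper names). The thresholds come only from
# the "Corrected:" releng lines of the advisory excerpt quoted in the post.

# Minimum patch level that carries the ping(8) fix for a listed release line.
min_patch_for() {
    case "$1" in
        13.1-RELEASE) echo 5 ;;
        12.4-RC2)     echo 2 ;;
        12.3-RELEASE) echo 10 ;;
        *)            return 1 ;;
    esac
}

# ping_fix_status VERSION  ->  prints: fixed | vulnerable | unknown
ping_fix_status() {
    ver=$1
    # Split "13.1-RELEASE-p5" into base "13.1-RELEASE" and patch "5".
    # A string with no -pN suffix is patch level 0.
    case "$ver" in
        *-p[0-9]*) base=${ver%-p*}; patch=${ver##*-p} ;;
        *)         base=$ver;       patch=0 ;;
    esac
    # Refuse to guess on a malformed patch suffix.
    case "$patch" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if min=$(min_patch_for "$base"); then
        if [ "$patch" -ge "$min" ]; then
            echo fixed
        else
            echo vulnerable
        fi
    else
        # -STABLE builds and releases outside the excerpt cannot be judged
        # from the version string alone.
        echo unknown
    fi
}

# On the device itself (ping is part of the userland, hence -u):
#   ping_fix_status "$(freebsd-version -u)"
```
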
brians Posted December 12, 2022

This is only if you ping a bad host that contains the exploit. If you don't go around pinging everything within a Polisy shell, then no worries.

Solution: Michel Kohanim Posted December 14, 2022

@MWareman, yes, 13.1p5 has already fixed it (released last week). To upgrade please use the Admin Console.

With kind regards,
Michel

MWareman Posted December 16, 2022

On 12/14/2022 at 1:05 PM, Michel Kohanim said: @MWareman, yes, 13.1p5 has already fixed it (released last week). To upgrade please use the Admin Console. With kind regards, Michel

Update appears to be failing. Spinning up many, (pages of them!).

polyglot 2233 0.0 1.1 84736 44796 - I 23:24 0:11.20 python3 ./elk-poly.py (python3.9)
root 2919 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2921 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2923 0.0 0.2 22308 9152 - I 23:26 0:00.03 pkg upgrade -y
root 2925 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2928 0.0 0.2 22308 9152 - I 23:26 0:00.03 pkg upgrade -y
root 2930 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2932 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2982 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2984 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2986 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2988 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 2990 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3032 0.0 0.2 22308 9152 - I 23:26 0:00.03 pkg upgrade -y
root 3054 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3056 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3058 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3060 0.0 0.2 22308 9152 - I 23:26 0:00.03 pkg upgrade -y
root 3062 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3064 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3066 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3068 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3070 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3072 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3074 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3076 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3078 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3080 0.0 0.2 22308 9152 - I 23:26 0:00.03 pkg upgrade -y
root 3082 0.0 0.2 22308 9152 - I 23:26 0:00.03 pkg upgrade -y
root 3084 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3086 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3088 0.0 0.2 22308 9152 - I 23:26 0:00.03 pkg upgrade -y
root 3090 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3092 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3094 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3096 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3098 0.0 0.2 22308 9152 - I 23:26 0:00.03 pkg upgrade -y
root 3100 0.0 0.2 22308 9152 - I 23:26 0:00.02 pkg upgrade -y
root 3103 0.0 0.2 22308 9152 - I 23:27 0:00.03 pkg upgrade -y
root 3106 0.0 0.2 22308 9152 - I 23:27 0:00.03 pkg upgrade -y
root 3109 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3112 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3115 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3118 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3120 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3122 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3124 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3126 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3128 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3130 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3132 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3134 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3136 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y
root 3138 0.0 0.2 22308 9152 - I 23:27 0:00.02 pkg upgrade -y

Finding the log - appears to not be able to update anything because pkg needs updating first - but it's not updating pkg first. (!)

New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.

larryllix Posted December 16, 2022

6 hours ago, MWareman said: Update appears to be failing. Spinning up many, (pages of them!).

See (to fix)

MWareman Posted December 16, 2022

57 minutes ago, larryllix said: See (to fix)

Thank you! Fixed it for me as well...

larryllix Posted December 16, 2022

3 minutes ago, MWareman said: Thank you! Fixed it for me as well...

Yeah @Michel Kohanim reported they found the initial update process was flawed and was fixing it. Sure caused some commotion here for me for a night though.

asbril Posted December 16, 2022

3 hours ago, larryllix said: for a night

and your nights are long this time of the year

larryllix Posted December 16, 2022

2 hours ago, asbril said: and your nights are long this time of the year

I used the laughing emoticon 'cause there was no finger bird.