Jump to content
View in the app

A better way to browse. Learn more.
Universal Devices Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Possible vulnerability in 'ping'

MWareman
in Polisy

Featured Replies

Solved by Michel Kohanim

Go to solution

Looks like this vulnerability was corrected in the repositories last month, so it's very likely your Polisy OS is fixed if you've clicked on the "Upgrade Packages" button after the correction date below of 2022-11-29: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-22:15.ping                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Stack overflow in ping(8)

Category:       core
Module:         ping
Announced:      2022-11-29
Credits:        Tom Jones
Affects:        All supported versions of FreeBSD.
Corrected:      2022-11-29 22:56:33 UTC (stable/13, 13.1-STABLE)
                2022-11-29 23:00:43 UTC (releng/13.1, 13.1-RELEASE-p5)
                2022-11-29 22:57:16 UTC (stable/12, 12.4-STABLE)
                2022-11-29 23:19:09 UTC (releng/12.4, 12.4-RC2-p2)
                2022-11-29 23:16:17 UTC (releng/12.3, 12.3-RELEASE-p10)
CVE Name:       CVE-2022-23093

EDIT: For what it's worth, from a quick look at the files on my Polisy at '/usr/local/etc/pkg/repos', it appears that my Polisy is getting updated files from both the FreeBSD project and UDI specific repos.   My guess is that UDI maintains a FreeBSD mirror as well as having a repository for their own software.

This should mean that any updated packages from the FreeBSD maintainers should be passed along to Polisy users in relatively short order, provided users update their machines.

Edited by Bumbershoot

    • Like 1
    • Thanks 1

    This is only if you ping a bad host that contain the exploit.

    If you don't go around pinging everything withing a polisy shell, then no worries.

     

    • Solution

    @MWareman, yes, 13.1p5 has already fixed it (released last week).

    To upgrade please use the Admin Console.

    With kind regards,
    Michel

    • Like 1
    • Thanks 1
    • Author

    Thank you!

    • Like 1
    • Author
    On 12/14/2022 at 1:05 PM, Michel Kohanim said:

    @MWareman, yes, 13.1p5 has already fixed it (released last week).

    To upgrade please use the Admin Console.

    With kind regards,
    Michel

    Update appears to be failing. Spinning up many, (pages of them!). 

    polyglot 2233   0.0  1.1  84736  44796  -  I    23:24    0:11.20 python3 ./elk-poly.py (python3.9)
root     2919   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2921   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2923   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2925   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2928   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2930   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2932   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2982   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2984   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2986   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2988   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2990   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3032   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3054   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3056   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3058   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3060   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3062   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3064   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3066   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3068   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3070   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3072   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3074   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3076   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3078   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3080   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3082   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3084   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3086   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3088   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3090   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3092   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3094   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3096   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3098   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3100   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3103   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3106   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3109   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3112   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3115   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3118   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3120   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3122   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3124   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3126   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3128   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3130   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3132   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3134   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3136   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3138   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y


    Finding the log - appears to not be able to update anything because pkg needs updating first - but it's not updating pkg first. (!)
      

    New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.

     

    6 hours ago, MWareman said:

    Update appears to be failing. Spinning up many, (pages of them!). 

    polyglot 2233   0.0  1.1  84736  44796  -  I    23:24    0:11.20 python3 ./elk-poly.py (python3.9)
root     2919   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2921   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2923   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2925   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2928   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     2930   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2932   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2982   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2984   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2986   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2988   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     2990   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3032   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3054   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3056   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3058   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3060   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3062   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3064   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3066   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3068   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3070   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3072   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3074   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3076   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3078   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3080   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3082   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3084   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3086   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3088   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3090   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3092   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3094   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3096   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3098   0.0  0.2  22308   9152  -  I    23:26    0:00.03 pkg upgrade -y
root     3100   0.0  0.2  22308   9152  -  I    23:26    0:00.02 pkg upgrade -y
root     3103   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3106   0.0  0.2  22308   9152  -  I    23:27    0:00.03 pkg upgrade -y
root     3109   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3112   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3115   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3118   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3120   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3122   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3124   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3126   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3128   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3130   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3132   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3134   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3136   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y
root     3138   0.0  0.2  22308   9152  -  I    23:27    0:00.02 pkg upgrade -y


    Finding the log - appears to not be able to update anything because pkg needs updating first - but it's not updating pkg first. (!)
      

    New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating udi repository catalogue...
udi repository is up to date.
All repositories are up to date.

     

    See (to fix)

     

    • Like 1
    • Author
    57 minutes ago, larryllix said:

    See (to fix)

     

    Thank you!  Fixed it for me as well...

    • Like 1
    3 minutes ago, MWareman said:

    Thank you!  Fixed it for me as well...

    Yeah @Michel Kohanim reported they found the initial update process was flawed and was fixing it. Sure caused some commotion here for me for a night though.

    • Like 1
    3 hours ago, larryllix said:

    for a night

    and your nights are long this time of the year :-)

     

    • Haha 2
    2 hours ago, asbril said:

    and your nights are long this time of the year :-)

     

    I used the laughing emoticon 'cause there was no finger bird.

    :)

    • Like 1
    • Haha 2
    Guest
    This topic is now closed to further replies.
    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.