[CDBUG-talk] DISABLE_VULNERABILITIES=yes
Patrick Muldoon
doon at inoc.net
Tue Jan 12 08:03:13 EST 2016
> On Jan 11, 2016, at 11:25 PM, Patrick Muldoon <doon at inoc.net> wrote:
>
> Updating your ports tree is one thing but are you then upgrading all of your installed ports to fix the vulnerable ones?
>
> After a portsnap fetch / update dance and reading of /usr/ports/upgrading you can do something like
>
that should have read the reading of /usr/ports/UPDATING /sigh
But the rest stands, unless you upgrading your installed ports you probably have vulnerable packages installed on your system
pkg audit -F
will show you which ones are vulnerable
and i like using portmaster (/usr/ports/ports-mgmt/portmaster/)
for ports management / upgrades
but there is also portupgrade (/usr/ports/ports-mgmt/portupgrade)
on this same note I have
@daily root freebsd-update cron
0 3 * * * root portsnap -I cron update && pkg version -vIL=
in cron, so that it shows me all the the outdated / updated packages daily.. You can also throw a pkg audit in there as well
-Patrick
--
Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)
'Truly, you have a dizzying intellect.' - Westley, The Princess Bride
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.nycbug.org/pipermail/cdbug-talk/attachments/20160112/73c70253/attachment.bin>
More information about the CDBUG-talk
mailing list