Patrick Muldoon doon at inoc.net
Tue Jan 12 08:03:13 EST 2016

> On Jan 11, 2016, at 11:25 PM, Patrick Muldoon <doon at inoc.net> wrote:
> Updating your ports tree is one thing but are you then upgrading all of your installed ports to fix the vulnerable ones?
> After a portsnap fetch / update dance  and reading of /usr/ports/upgrading you can do something like

that should have read the reading of /usr/ports/UPDATING  /sigh

But the rest stands, unless you upgrading your installed ports you probably have vulnerable packages installed on your system

pkg audit -F

will show you which ones are vulnerable

and i like using portmaster (/usr/ports/ports-mgmt/portmaster/)

for ports management / upgrades

but there is also portupgrade (/usr/ports/ports-mgmt/portupgrade)

on this same note I have

@daily                                  root    freebsd-update cron
0 	3 	*	* 	* 	root 	portsnap -I cron update && pkg version -vIL=

in cron, so that it shows me all the the outdated / updated packages daily..  You can also throw a pkg audit in there as well


Patrick Muldoon
Network/Software Engineer
INOC (http://www.inoc.net)

'Truly, you have a dizzying intellect.' - Westley, The Princess Bride

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.nycbug.org/pipermail/cdbug-talk/attachments/20160112/73c70253/attachment.bin>

More information about the CDBUG-talk mailing list