FreeBSD jail, xen, and .pam_login_access security fixes released

FreeBSD jail, xen, and .pam_login_access security fixes released

FreeBSD jail, xen, and .pam_login_access security fixes released
All supported versions of FreeBSD are affected by various security bugs that need to be applied ASAP. If the process is privileged, it may escape jail and gain full access to the FreeBSD system. Similarly, when using Xen, a malicious or buggy frontend driver may be able to cause resource leaks. Let us see what and how to fix these security vulnerabilities on FreeBSD.

FreeBSD version 10/11/12 and 13 have a new jail, Xen, and .pam_login_access security-related problems. The excellent news is fixed are released. Let us see the details.
Find FreeBSD Version and Patch Level Number

$ uname -mrs
$ freebsd-version


Apply FreeBSD jail, xen, and .pam_login_access security fixes

If your systems running a RELEASE version of FreeBSD, type:
$ sudo freebsd-update fetch

src component not installed, skipped
Looking up mirrors... 3 mirrors found.
Fetching metadata signature for 12.2-RELEASE from done.
Fetching metadata index... done.
Fetching 2 metadata patches.. done.
Applying metadata patches... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 17 patches.....10... done.
Applying patches... done.
Fetching 1 files... done.
The following files will be removed as part of updating to

Reboot the FreeBSD box, run:
$ sudo reboot
$ sudo shutdown -r +30min "Rebooting FreeBSD production box for a security update. Please save all work."


After reboot verify FreeBSD version:
$ feebsd-verion
Sample outputs from patched systems:


See how to applying security updates using pkg/freebsd-update on FreeBSD for more information.

Summing up

Fixing these bugs and security issues under FreeBSD is essential. I patched all my FreeBSD 12.x boxes. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit the FreeBSD website.

Posted by Contributor