All supported versions of FreeBSD are affected by various security bugs that need to be applied ASAP. For example, a memory corruption bug exists in the bhyve hypervisor. Another overwrite the stack of ggatec and potentially execute arbitrary code. There are two issues fixed for OpenSSL in this security advisory too. Let us see what and how to fix these security vulnerabilities on FreeBSD.
The excellent news is fixed are released for FreeBSD version 11, 12 and 13 for bhyve, openssl, GEOM and libfetch.
Finding FreeBSD version and patch level number
Open the terminal application and then execute the following command at FreeBSD shell or over ssh prompt for remote server hosted at AWS cloud:
$ uname -mrs
FreeBSD 13.0-RELEASE-p3 amd64
I am going to use the freebsd-update command as follows to fetch update and install them:
sudo freebsd-update fetch
Password: src component not installed, skipped Looking up update.FreeBSD.org mirrors... 2 mirrors found. Fetching metadata signature for 13.0-RELEASE from update1.freebsd.org... done. Fetching metadata index... done. Fetching 2 metadata patches.. done. Applying metadata patches... done. Inspecting system... done. Preparing to download files... done. Fetching 32 patches.....10....20....30. done. Applying patches... done. The following files will be updated as part of updating to 13.0-RELEASE-p4: /bin/freebsd-version /boot/kernel/kernel /boot/kernel/virtio_blk.ko /lib/libcrypto.so.111 /rescue/[ /rescue/bectl /rescue/bsdlabel .... .. ...... /usr/lib32/libfetch_p.a /usr/lib32/libssl.a /usr/lib32/libssl.so.111 /usr/lib32/libssl_p.a /usr/sbin/bhyve /usr/sbin/hostapd /usr/sbin/ntp-keygen /usr/sbin/wpa_cli /usr/sbin/wpa_supplicant
Install those updates, execute:
sudo freebsd-update install
Make sure you restart all daemons that use the library, or reboot the system. I decided to reboot the FreeBSD server using the reboot command:
$ sudo reboot
After reboot, let us verify the FreeBSD version:
Optionally use the pkg command to apply package upgrades to the FreeBSD system too, if any available:
$ sudo pkg update
$ sudo pkg upgrade
Patreon supporters only guides 🤓
- No ads and tracking
- In-depth guides for developers and sysadmins at Opensourceflare✨
- Join my Patreon to support independent content creators and start reading latest guides:
Join Patreon ➔
Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. Checking for upgrades (1 candidates): 100% Processing candidates (1 candidates): 100% Checking integrity... done (0 conflicting) Your packages are up to date.
See how to applying security updates using pkg/freebsd-update on FreeBSD for more information.
Fixing security issues under FreeBSD is essential to avoid data loss or system getting owned by bugs. For example, I patched all my FreeBSD 13.x boxes. Please visit the FreeBSD website for general information regarding FreeBSD Security Advisories, including descriptions of the fields above and security branches.