top | item 46311312

(no title)

clan | 2 months ago

This actually makes me happy! I must be getting old!

It truly is a bad one but I really appreciate Kevin Day for finding/reporting this and for all the volunteer work fixing this.

All I had to do was "freebsd-update fetch install && reboot" on my systems and I could continue my day. Fleet management can be that easy for both pets and cattle. I do however feel for those who have deployed embedded systems. We can only hope the firmware vendors are on top of their game.

My HN addiction is now vindicated as I would probably not have noticed this RCE until after christmas.

This makes me very grateful and gives me a warm fuzzy feeling inside!

discuss

barnas2|2 months ago

> We can only hope the firmware vendors are on top of their game.

You should go into comedy, this would kill at an open mic!

cornonthecobra|2 months ago

Even better, the reboot wasn't needed as the kernel didn't get bumped on this one. Just restart the rtsold service if you're using it and sanity check your resolv.conf and resolvconf.conf.

As for noticing it quickly, add `freebsd-update cron` to crontab and it will email you the fetch summary when updates are available

formerly_proven|2 months ago

> My HN addiction is now vindicated as I would probably not have noticed this RCE until after christmas.

Always makes sense to subscribe to the security-announce mailing list of major dependencies (distro/vendor, openssh, openssl etc.) and oss-security.

tete|2 months ago

Where major dependency is everything that even indirectly touches network. Doesn't really matter if the thing that gives everyone access to your systems is major or not.

elcritch|2 months ago

If it’s a shell script fix does it even need a reboot?