https://man.freebsd.org/cgi/man.cgi?query=pkg-upgrade
-v, --vulnerable
    Upgrade packages which are known to be vulnerable. See pkg-audit(8) for more details.

$ pkg -v
1.21.3
14.0-RELEASE-p8 + pkg 1.21.3
When there are no vulnerable packages, are non-vulnerable packages also targeted?
$ pkg upgrade --vulnerable (updates the vulnerable packages)
$ pkg upgrade --vulnerable (on the second run, non-vulnerable packages are also targeted)
With 14.1-RELEASE-p2 + pkg 1.21.3, the behavior is as expected.
FreeBSD pkg command overview #PackageManagement - Qiita 2023
$ pkg audit
0 problem(s) in 0 installed package(s) found.

/usr/local/etc/periodic/security/405.pkg-base-audit

$ freebsd-version -k | sed 's,^,FreeBSD-kernel-,;s,-RELEASE-p,_,;s,-RELEASE$,,'
FreeBSD-kernel-14.0_6
$ pkg audit FreeBSD-kernel-14.0_6
0 problem(s) in 0 installed package(s) found.
$ pkg audit FreeBSD-kernel-14.0_4
FreeBSD-kernel-14.0_4 is vulnerable:
  FreeBSD -- jail(2) information leak
  CVE: CVE-2024-25941
  WWW: https://vuxml.FreeBSD.org/freebsd/46a29f83-cb47-11ee-b609-002590c1f29c.html
1 problem(s) in 1 installed package(s) found.

$ freebsd-version -u | sed 's,^,FreeBSD-,;s,-RELEASE-p,_,;s,-RELEASE$,,'
FreeBSD-14.0_8
$ pkg audit FreeBSD-14.0_8
0 problem(s) in 0 installed package(s) found.
$ pkg audit FreeBSD-14.0_5
FreeBSD-14.0_5 is vulnerable:
  DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
  CVE: CVE-2023-50868
  CVE: CVE-2023-50387
  WWW: https://vuxml.FreeBSD.org/freebsd/21a854cc-cac1-11ee-b7a7-353f1e043d9a.html
1 problem(s) in 1 installed package(s) found.
https://vuxml.freebsd.org/freebsd/21a854cc-cac1-11ee-b7a7-353f1e043d9a.html
DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
Affected packages
...
14.0 <= FreeBSD < 14.0_6
https://vuxml.freebsd.org/freebsd/f1a00122-3797-11ef-b611-84a93843eb75.html
OpenSSH -- Race condition resulting in potential remote code execution
Affected packages
openssh-portable < 9.7.p1_2,1
If FreeBSD is not included in Affected packages, it is not reported.
https://www.freebsd.org/security/advisories/
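
A simplified model of the matching behind the results above, as an added example (not from the original page and not pkg's own code): an entry is reported for the base system only when its Affected packages list names FreeBSD and the version falls inside the range. The range format, the function names and the X.Y[_N]-only version comparison are assumptions of this example.

```sh
#!/bin/sh
# Added example: simplified model of matching a base-system version against
# VuXML "Affected packages" ranges. Not pkg's own code.

# freebsd-version output -> pseudo-package name (same sed as on the page).
# $1 = prefix (FreeBSD or FreeBSD-kernel), $2 = e.g. 14.0-RELEASE-p8
base_pkg_name() {
    printf '%s\n' "$2" | sed "s,^,$1-,;s,-RELEASE-p,_,;s,-RELEASE\$,,"
}

# "14.0_5" -> 14000005. Assumption: versions look like X.Y or X.Y_N only.
ver_key() {
    v=$1
    case $v in *_*) p=${v##*_}; v=${v%_*} ;; *) p=0 ;; esac
    echo $(( ${v%%.*} * 1000000 + ${v#*.} * 1000 + $p ))
}

ver_lt() { [ "$(ver_key "$1")" -lt "$(ver_key "$2")" ]; }

# affected NAME-VERSION RANGES
# RANGES lines: "<package> <low> <high>", meaning low <= version < high
# (format constructed for this example; "-" = no lower bound).
affected() {
    name=${1%-*}; ver=${1##*-}
    while read -r pkg low high; do
        # An entry that does not list this package name can never match.
        [ "$pkg" = "$name" ] || continue
        if [ "$low" != "-" ] && ver_lt "$ver" "$low"; then continue; fi
        if ver_lt "$ver" "$high"; then echo vulnerable; return 0; fi
    done <<EOF
$2
EOF
    echo "not reported"
}

# Ranges taken from the two VuXML entries quoted on the page.
RANGES='FreeBSD 14.0 14.0_6
openssh-portable - 9.7.p1_2,1'

for rel in 14.0-RELEASE-p5 14.0-RELEASE-p8; do
    n=$(base_pkg_name FreeBSD "$rel")
    echo "$n: $(affected "$n" "$RANGES")"
done
```

The OpenSSH row is skipped by name for every FreeBSD-* pseudo-package, which is why such an entry produces no base-system finding.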