Hacker News

clan, yesterday at 11:14 AM (4 replies)

This actually makes me happy! I must be getting old!

It truly is a bad one but I really appreciate Kevin Day for finding/reporting this and for all the volunteer work fixing this.

All I had to do was "freebsd-update fetch install && reboot" on my systems and I could continue my day. Fleet management can be that easy for both pets and cattle. I do however feel for those who have deployed embedded systems. We can only hope the firmware vendors are on top of their game.

My HN addiction is now vindicated as I would probably not have noticed this RCE until after Christmas.

This makes me very grateful and gives me a warm fuzzy feeling inside!


Replies

barnas2, yesterday at 2:14 PM

> We can only hope the firmware vendors are on top of their game.

You should go into comedy, this would kill at an open mic!

cornonthecobra, yesterday at 4:34 PM

Even better, the reboot wasn't needed as the kernel didn't get bumped on this one. Just restart the rtsold service if you're using it and sanity check your resolv.conf and resolvconf.conf.

As for noticing it quickly, add `freebsd-update cron` to crontab and it will email you the fetch summary when updates are available.

elcritch, yesterday at 4:32 PM

If it’s a shell script fix, does it even need a reboot?

formerly_proven, yesterday at 2:56 PM

> My HN addiction is now vindicated as I would probably not have noticed this RCE until after Christmas.

Always makes sense to subscribe to the security-announce mailing list of major dependencies (distro/vendor, openssh, openssl etc.) and oss-security.
