On Fri, Apr 29, 2016 at 01:13:21PM +0200, gabor at zahemszky.hu wrote:> >2) To update your vulnerable system via a binary patch: > > > >Systems running a RELEASE version of FreeBSD on the i386 or amd64 > >platforms can be updated via the freebsd-update(8) utility: > > > ># freebsd-update fetch > ># freebsd-update install > > Both on an i386 and on an amd64 machine, I got: > > ===> .... > Fetching metadasa signature for 10.3-RELEASE from update5.freebsd.org... > done > Fetching metadata index.... done > > The update metadata is correctly signed, but > failed an integrity check. > Cowardly refusing to proceed any further.This is being investigated within secteam at . Glen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20160429/eb5f6d0a/attachment.sig>
gabor at zahemszky.hu
2016-Apr-29 11:13 UTC
FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
> 2) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update installBoth on an i386 and on an amd64 machine, I got: ===.... Fetching metadasa signature for 10.3-RELEASE from update5.freebsd.org... done Fetching metadata index.... done The update metadata is correctly signed, but failed an integrity check. Cowardly refusing to proceed any further. === Both machines are VM-s, upgraded from 10.2. (Got the same with -s update[23456].freebsd.org, and without -s option. Zahy < Gabor at Zahemszky dot HU >
On Fri, 2016-04-29 at 13:13 +0200, gabor at zahemszky.hu wrote:> > > > 2) To update your vulnerable system via a binary patch: > > > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > > platforms can be updated via the freebsd-update(8) utility: > > > > # freebsd-update fetch > > # freebsd-update install > Both on an i386 and on an amd64 machine, I got: > > ===> .... > Fetching metadasa signature for 10.3-RELEASE from > update5.freebsd.org...? > done > Fetching metadata index.... done > > The update metadata is correctly signed, but > failed an integrity check. > Cowardly refusing to proceed any further. > ===> > Both machines are VM-s, upgraded from 10.2. > > (Got the same with -s update[23456].freebsd.org, and without -s > option. > > Zahy < Gabor at Zahemszky dot HU > > _______________________________________________I have the same. I did upgrade FreeBSD 10.2 with freebsd-update to version 10.3: freebsd-version -ku 10.3-RELEASE 10.3-RELEASE FreeBSD 10.3-RELEASE #1: Sun Apr 10 13:48:11 EDT 2016 ? ? blabla at morebl a.bla.net:/usr/obj/usr/src/sys/GENERIC??amd64 freebsd-version -ku
On 4/29/16 04:13, gabor at zahemszky.hu wrote:>> 2) To update your vulnerable system via a binary patch: >> >> Systems running a RELEASE version of FreeBSD on the i386 or amd64 >> platforms can be updated via the freebsd-update(8) utility: >> >> # freebsd-update fetch >> # freebsd-update install > > Both on an i386 and on an amd64 machine, I got: > > ===> .... > Fetching metadasa signature for 10.3-RELEASE from update5.freebsd.org... > done > Fetching metadata index.... done > > The update metadata is correctly signed, but > failed an integrity check. > Cowardly refusing to proceed any further. > ===> > Both machines are VM-s, upgraded from 10.2. > > (Got the same with -s update[23456].freebsd.org, and without -s option.There was a nit in the metadata, and this should have been addressed now. Cheers, -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20160501/d8cfefe3/attachment.sig>