# Vulnerability linux-c6-expat!



## teo (Jul 6, 2018)

I already updated the ports and packages, and the port failed in FreeBSD 11.2  for 64 bits.

# `pkg audit -F`

```
vulnxml file up-to-date
linux-c6-expat-2.0.1_5 is vulnerable:
expat -- multiple vulnerabilities
CVE: CVE-2017-9233
CVE: CVE-2016-9063
WWW: https://vuxml.FreeBSD.org/freebsd/e375ff3f-7fec-11e8-8088-28d244aee256.html

1 problem(s) in the installed packages found.
#
```


# `portmaster textproc/linux-c6-expat`

```
===>>> Currently installed version: linux-c6-expat-2.0.1_5
===>>> Port directory: /usr/ports/textproc/linux-c6-expat

===>>> Gathering distinfo list for installed ports

===>>> Launching 'make checksum' for textproc/linux-c6-expat in background
===>>> Gathering dependency list for textproc/linux-c6-expat from ports
===>>> Initial dependency check complete for textproc/linux-c6-expat


===>>> Starting build for textproc/linux-c6-expat <<<===

===>>> All dependencies are up to date

===>  Cleaning for linux-c6-expat-2.0.1_5
===>  linux-c6-expat-2.0.1_5 has known vulnerabilities:
linux-c6-expat-2.0.1_5 is vulnerable:
expat -- multiple vulnerabilities
CVE: CVE-2017-9233
CVE: CVE-2016-9063
WWW: https://vuxml.FreeBSD.org/freebsd/e375ff3f-7fec-11e8-8088-28d244aee256.html

1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make: stopped in /usr/ports/textproc/linux-c6-expat

===>>> make build failed for textproc/linux-c6-expat
===>>> Aborting update


===>>> You can restart from the point of failure with this command line:
       portmaster <flags> textproc/linux-c6-expat

This command has been saved to /tmp/portmasterfail.txt
#
```


----------



## shkhln (Jul 6, 2018)

And your issue is?


----------



## teo (Jul 7, 2018)

shkhln said:


> And your issue is?


That generates vulnerability the system in that port,  and cannot be updated because it gives error.

 Look what would happen if that port was removed:

# `pkg delete linux-c6-expat`

```
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 10 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
    linux-c6-expat-2.0.1_5
    linux-c6-fontconfig-2.8.0_3
    linux-c6-dri-11.0.7_5
    linux-c6-xorg-libs-7.4_10
    linux-c6-cairo-1.8.8_8
    linux-c6-pango-1.28.1_7
    linux-flashplayer-30.0.0.113
    linux-c6-gdk-pixbuf2-2.24.1_5
    linux-c6-gtk2-2.24.23_7
    nspluginwrapper-1.4.4_7

Number of packages to be removed: 10

The operation will free 125 MiB.

Proceed with deinstalling packages? [y/N]:
```


----------



## shkhln (Jul 7, 2018)

teo said:


> That generates vulnerability the system in that port



That's not how it works.



teo said:


> and cannot be updated because it gives error.



The port cannot be updated because there is no update available.


----------



## teo (Jul 7, 2018)

shkhln said:


> That's not how it works.


And how do you proceed so that it does not fail and works well? At first when I tried to install the emulators/linux_base-c7 port,  I got an error, so I installed the emulators/linux_base-c6 port.


----------

