Risk of kernel only upgrade 6.2 to 6.4 ?

[bschop]

I am running a web server on 6.2 using a custom kernel. I would like to update the kernel to 6.4 to pick up the latest security patches, but really don't want to go through an entire OS upgrade.

What are the risks of deploying a 6.4 kernel on a 6.2 OS ?

 

[SirDice]

Definitely not advised. Either update both world and kernel or neither.

Also note that security updates are not for the kernel alone. Sometimes these involve the other executables that make up the base OS.

 

[DutchDaemon]

If all that compiling is not your cup of tea, try freebsd-update(8) (with freebsd-update.conf(5) / /etc/freebsd-update.conf) to update the OS/kernel (binaries) and kernel sources, and rebuild the custom kernel after the freebsd-update run has completed.

 

[bschop]

Thanks. The biggest problem I wanted to fix was the recent root access vulnerabilities, which are kernel specific.

The compiling doesn't bother me, but the server is small and doesn't have all the stuff necessary to do the work. I've tested with freebsd-update which worked, but required a lot of manual intervention ... I actually have a number of these servers and was hoping to have this be completely scripted.

I understand now, that I shouldn't just upgrade the kernel for a minor release ... but, if I did, what kind of problems might I run into ? I mean I did a quick test and the system came up just fine ... what might I see down the road ? I'm just looking to determine the level of risk.

Thanks again for the advice !

 

[Beastie]

Just to be safe, the kernel and world should *never* be out of sync in *any* case. It may cause even the "simplest" tools like ps(1) to malfunction.