17.1 beta multiple vulnerabilities NTP / Squid

[tillsense]

Hi Franco,

is there a chance to fix this over console on beta?

--------------------------------------------------------------------
OPNsense 17.1.b_60-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016

[tillsense]

Ok i found this: https://github.com/opnsense/ports/issues/30 and switch to

17.1/experimental

this is a good place for new updates 

Happy Holidays and many thanks for the great work!

cheers till

--------------------------------------------------------------------
OPNsense 17.1.b_60-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016

[franco]

Hi Till,

Experimental has been updated again, but please don't rely on it. There is no automated build on the other side. It's just for testing changes that we will not officially publish.

Please also note the vulnerability scan is a courtesy of FreeBSD. It is not meant to indicate update schedules. It is simply a tool for vulnerability management we wanted to bring to our users.


Happy holidays!

Cheers,
Franco

[tillsense]

Hi Franco,

yes just for testing...and thank you!

Any help in making 17.1 the best it could possibly be for its final release at the end of January 2017 is highly appreciated. Please do not hesitate to contact us through any of the known channels:

how can i install one of the new kernel(latest/route) in sets? The base package is missing/not necessary? What is *route*? (rc*out*possibly*) 33M?

cheers till

--------------------------------------------------------------------
OPNsense 17.1.b_73-amd64
FreeBSD 11.0-RELEASE-p5
OpenSSL 1.0.2j 26 Sep 2016

[franco]

The test kernels have no signatures and base sets, you can install them via:

# opnsense-update -kir 17.1.b-NAME

-i is for insecure (no signature)
-k is for kernel only
-r is the name of the release

17.1.b-latest is an up-to-date version of 17.1.b with some modifications to SEGVGUARD by Shawn.

17.1.b-route is a test kernel based on FreeBSD 12-CURRENT GENERIC for work that we do to finally enable multi-wan + ipfw traffic shaping and captive portal usage. I do not recommend using this one.

[tillsense]

is running... thanks!

Code: [Select]

FreeBSD 11.0-RELEASE-p6 #0 eebfd11d3(master): Sun Dec 25 15:36:58 CET 2016
    root@sensey64:/usr/obj/usr/src/sys/SMP amd64
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0)
[HBSD LOG] logging to system: enabled
[HBSD LOG] logging to user: disabled
[HBSD ASLR] status: opt-out
[HBSD ASLR] mmap: 30 bit
[HBSD ASLR] exec base: 30 bit
[HBSD ASLR] stack: 42 bit
[HBSD ASLR] vdso: 28 bit
[HBSD ASLR] map32bit: 18 bit
[HBSD ASLR] disallow MAP_32BIT mode mmap: opt-in
[HBSD ASLR (compat)] status: opt-out
[HBSD ASLR (compat)] mmap: 14 bit
[HBSD ASLR (compat)] exec base: 14 bit
[HBSD ASLR (compat)] stack: 14 bit
[HBSD ASLR (compat)] vdso: 8 bit
[HBSD SEGVGUARD] status: opt-out
[HBSD SEGVGUARD] expiry: 120 sec
[HBSD SEGVGUARD] suspension: 600 sec
[HBSD SEGVGUARD] maxcrashes: 5
CPU: AMD G-T40E Processor (1000.02-MHz K8-class CPU)

--------------------------------------------------------------------
OPNsense 17.1.b_73-amd64
FreeBSD 11.0-RELEASE-p6
OpenSSL 1.0.2j 26 Sep 2016

[franco]

Cool, thanks.