OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • audit error after update to 17.1.2
« previous next »
  • Print
Pages: [1]

Author Topic: audit error after update to 17.1.2  (Read 2739 times)

Julien

  • Hero Member
  • *****
  • Posts: 651
  • Karma: 32
    • View Profile
audit error after update to 17.1.2
« on: February 24, 2017, 11:18:24 am »
Dear all,
after updating to the version 17.1.2, we run a audit got this error see below.


Code: [Select]
***GOT REQUEST TO AUDIT***
vulnxml file up-to-date
curl-7.52.1_1 is vulnerable:
cURL -- ocsp status validation error
CVE: CVE-2017-2629
WWW: https://vuxml.FreeBSD.org/freebsd/311e4b1c-f8ee-11e6-9940-b499baebfeaf.html

1 problem(s) in the installed packages found.
***DONE***

are we supposed to do something to fix this ?

thank you
Logged
An intelligent man is sometimes forced to be drunk to spend time with his fool.

netranger

  • Newbie
  • *
  • Posts: 39
  • Karma: 5
    • View Profile
Re: audit error after update to 17.1.2
« Reply #1 on: February 25, 2017, 01:02:48 pm »
looks like it's normal that this thing is vulnerable  :o

https://curl.haxx.se/docs/vulnerabilities.html

not sure if there is a way or need to update this thing manually or if we should just wait for the next patch.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13988
  • Karma: 1211
    • View Profile
Re: audit error after update to 17.1.2
« Reply #2 on: February 27, 2017, 01:08:35 pm »
The same audit report would have happened on 17.1.1 or 17.1 since it checks against the external FreeBSD ports/packages vulnerability database.

It helps with vulnerability management, raises awareness for likely issues for missing firmware updates.

But note that we do not always steer firmware upgrades because an audit report pops up, that's impossible for syncing up 150 packages installed, especially because the release procedure takes 2 days to complete for us.


Cheers,
Franco
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • audit error after update to 17.1.2
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2