audit error after update to 17.1.2

Started by Julien, February 24, 2017, 11:18:24 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 24, 2017, 11:18:24 AM
Dear all,
after updating to the version 17.1.2, we run a audit got this error see below.


Code Select
***GOT REQUEST TO AUDIT***
vulnxml file up-to-date
curl-7.52.1_1 is vulnerable:
cURL -- ocsp status validation error
CVE: CVE-2017-2629
WWW: https://vuxml.FreeBSD.org/freebsd/311e4b1c-f8ee-11e6-9940-b499baebfeaf.html

1 problem(s) in the installed packages found.
***DONE***

are we supposed to do something to fix this ?

thank you
DEC4240 – OPNsense Owner
February 25, 2017, 01:02:48 PM #1
looks like it's normal that this thing is vulnerable  :o

https://curl.haxx.se/docs/vulnerabilities.html

not sure if there is a way or need to update this thing manually or if we should just wait for the next patch.
February 27, 2017, 01:08:35 PM #2
The same audit report would have happened on 17.1.1 or 17.1 since it checks against the external FreeBSD ports/packages vulnerability database.

It helps with vulnerability management, raises awareness for likely issues for missing firmware updates.

But note that we do not always steer firmware upgrades because an audit report pops up, that's impossible for syncing up 150 packages installed, especially because the release procedure takes 2 days to complete for us.


Cheers,
Franco
Print
Go Up Pages1
User actions