OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • CVE-2018-0732
« previous next »
  • Print
Pages: [1]

Author Topic: CVE-2018-0732  (Read 1058 times)

Wyrm

  • Jr. Member
  • **
  • Posts: 54
  • Karma: 1
    • View Profile
CVE-2018-0732
« on: July 19, 2018, 02:57:39 pm »
Hi,
I have done security audit on version 18.1.12 and there is security vulnerabilty:

***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
libressl-2.6.5 is vulnerable:
OpenSSL -- Client DoS due to large DH parameter
CVE: CVE-2018-0732
WWW: https://vuxml.FreeBSD.org/freebsd/c82ecac5-6e3f-11e8-8777-b499baebfeaf.html

1 problem(s) in the installed packages found.
***DONE***

Versions on box:
OPNsense 18.1.12-amd64
FreeBSD 11.1-RELEASE-p11
LibreSSL 2.6.5

Is it Ok, or there will be some patch ?

Thanks for reply...
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 10548
  • Karma: 834
    • View Profile
Re: CVE-2018-0732
« Reply #1 on: July 19, 2018, 05:14:29 pm »
Hi,

LibreSSL 2.6.5 is not vulnerable. There is an error in the FreeBSD database and the ports security team did not merge the fix:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229037


Cheers,
Franco
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • CVE-2018-0732
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved
  • SMF 2.0.18 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2