OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: magnust on October 01, 2020, 06:20:27 pm

Title: libxml -- multiple vulnerabilities
Post by: magnust on October 01, 2020, 06:20:27 pm
Known thing?

***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
libxml2-2.9.10 is vulnerable:
libxml -- multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9.html

1 problem(s) in 1 installed package(s) found.
***DONE***



OPNsense 20.7.3-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
LibreSSL 3.1.4
Title: Re: libxml -- multiple vulnerabilities
Post by: mimugmail on October 01, 2020, 07:38:20 pm
Yes, packages will always be updated with a new release.
Title: Re: libxml -- multiple vulnerabilities
Post by: magnust on October 08, 2020, 07:04:22 pm
So this is supposed to be vulnerable with 20.7.3 and probably fixed in a future 20.7.4? So I understand this correctly :)
Title: Re: libxml -- multiple vulnerabilities
Post by: mimugmail on October 08, 2020, 08:18:29 pm
Yes
Title: Re: libxml -- multiple vulnerabilities
Post by: magnust on October 08, 2020, 11:25:01 pm
Thank you!
Title: Re: libxml -- multiple vulnerabilities
Post by: packet loss on October 10, 2020, 02:36:59 am
magnust, if you are really concerned about it, you can update it yourself using the FreeBSD repository. From the console, edit the FreeBSD.conf file at:

/usr/local/etc/pkg/repos/FreeBSD.conf

Add the following information:

Code:
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}

From the console run the following commands:
Code:
pkg update
pkg install libxml2-2.9.10_1
pkg clean

At this point I would remove the information you added to the FreeBSD.conf file, otherwise you will have issues with updating OPNsense. This is a temporary fix until the OPNsense 20.7.4 update.
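
Added example, not part of the thread or of OPNsense: a small shell filter that turns audit output in the format shown in the first post into one record per advisory, which makes it easy to compare the findings before and after an update. The function names `parse_audit` and `sample_audit` and the pipe-separated output layout are assumptions made for this example; the sample input is the output quoted in the first post.

```shell
#!/bin/sh
# Summarise pkg audit output as: name|version|advisory title|VuXML URL

parse_audit() {
  awk '
    / is vulnerable:$/ {
      pkg = $1                          # e.g. libxml2-2.9.10
      ver = pkg
      sub(/.*-/, "", ver)               # version follows the last hyphen
      name = substr(pkg, 1, length(pkg) - length(ver) - 1)
      title = ""
      next
    }
    name == ""        { next }          # ignore lines before the first finding
    /^[ \t]*CVE: /    { next }          # some pkg versions also print CVE ids
    /^[ \t]*WWW: / {
      if (title != "") print name "|" ver "|" title "|" $2
      title = ""                        # a package can carry several advisories
      next
    }
    NF { title = $0; sub(/^[ \t]+/, "", title) }
  '
}

# Sample input: the audit output from the first post in this thread.
sample_audit() {
  cat <<'EOF'
***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
libxml2-2.9.10 is vulnerable:
libxml -- multiple vulnerabilities
WWW: https://vuxml.FreeBSD.org/freebsd/f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9.html

1 problem(s) in 1 installed package(s) found.
***DONE***
EOF
}

sample_audit | parse_audit
```

On a live system the same filter can be fed with `pkg audit -F | parse_audit`; an empty result after the update means the finding has cleared.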