Hi opnsense,
Please advise.
Just ran a security audit and the below is shown:
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.1.4 (amd64/OpenSSL) at Wed Apr 21 17:58:46 +08 2021
Fetching vuln.xml.bz2: .......... done
curl-7.75.0 is vulnerable:
curl -- Automatic referer leaks credentials
CVE: CVE-2021-22876
WWW: https://vuxml.FreeBSD.org/freebsd/b1194286-958e-11eb-9c34-080027f515ea.html
curl-7.75.0 is vulnerable:
curl -- TLS 1.3 session ticket proxy host mixup
CVE: CVE-2021-22890
WWW: https://vuxml.FreeBSD.org/freebsd/d10fc771-958f-11eb-9c34-080027f515ea.html
nettle-3.6 is vulnerable:
nettle 3.7.2 -- fix serious ECDSA signature verify bug
WWW: https://vuxml.FreeBSD.org/freebsd/80f9dbd3-8eec-11eb-b9e8-3525f51429a0.html
dnsmasq-2.84,1 is vulnerable:
dnsmasq -- cache poisoning vulnerability in certain configurations
CVE: CVE-2021-3448
WWW: https://vuxml.FreeBSD.org/freebsd/5b72b1ff-877c-11eb-bd4f-2f1d57dafe46.html
4 problem(s) in 3 installed package(s) found.
***DONE***
Update to 21.1.5 ;)
Cheers,
Franco
PS:
> Please advise.
The security scanner is for your convenience already, not for asking questions what to do with its results.
Hi Franco,
Apologies ... i ran updates before you posted 21.1.5, which I just ran again and saw it. Its just to highlight the issues. :)
Thanks
No worries. Happy to be able to provide the update today.
Cheers,
Franco