I've recently done the update to 22.7.4 but when I ran an audit I get what seems to be contradictory information.
The following shows I have 2.7.4 and a vulnerability in python:
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 22.7.4 (amd64/OpenSSL) at Fri Sep 9 10:59:51 UTC 2022
vulnxml file up-to-date
python39-3.9.13 is vulnerable:
Python -- multiple vulnerabilities
CVE: CVE-2020-10735
WWW: https://vuxml.FreeBSD.org/freebsd/80e057e7-2f0a-11ed-978f-fcaa147e860e.html
1 problem(s) in 1 installed package(s) found.
***DONE***
The following Health report tells me I'm running 22.7.4 and that I have 22.7.3 kernel and base, is this correct?
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.4 (amd64/OpenSSL) at Fri Sep 9 11:01:20 UTC 2022
>>> Check installed kernel version
Version 22.7.3 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.3 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-intrusion-detection-content-pt-open 1.0_1
os-maltrail 1.9
os-theme-rebellion 1.8.8
os-vmware 1.5_1
os-wireguard 1.12
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ................................................................. done
***DONE***
Yes, correct
Quote from: Greelan on September 10, 2022, 03:33:57 AM
Yes, correct
Thanks for your quick answer. :) To me it seems that those different 'versions' might be a tad confusing, it was to me.
Not every update involves a base/kernel update
I have the same python39-3.9.13 is vulnerable. Is it bad?
Quote from: depc80 on September 13, 2022, 12:43:11 AM
I have the same python39-3.9.13 is vulnerable. Is it bad?
https://vuxml.freebsd.org/freebsd/80e057e7-2f0a-11ed-978f-fcaa147e860e.html this is a description of the vulnerability. You'll need to decide if this is bad in your particular environment and figure out what, if any, mitigations you should take. For me, I don't worry about DoS attacks and I'm not exposing HTTP to the world, so these aren't a worry for myself personally.
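An added example, not part of the thread and not OPNsense's own code: a small Python parser that turns the security audit text quoted in the first post into structured findings, so the package, CVE and VuXML link can be pulled out for triage. The names `Finding` and `parse_audit` are hypothetical, and the layout it expects is assumed from the report shown above.

```python
import re
from dataclasses import dataclass, field
# Sample input: the security audit output quoted in the first post of this thread.
SAMPLE_REPORT = """\
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 22.7.4 (amd64/OpenSSL) at Fri Sep 9 10:59:51 UTC 2022
vulnxml file up-to-date
python39-3.9.13 is vulnerable:
Python -- multiple vulnerabilities
CVE: CVE-2020-10735
WWW: https://vuxml.FreeBSD.org/freebsd/80e057e7-2f0a-11ed-978f-fcaa147e860e.html
1 problem(s) in 1 installed package(s) found.
***DONE***
"""

@dataclass
class Finding:
    package: str
    version: str
    title: str = ""
    cves: list = field(default_factory=list)
    urls: list = field(default_factory=list)

# The version is the text after the last hyphen, so "py39-foo-1.2_1" splits as py39-foo / 1.2_1.
PKG_RE = re.compile(r"^(?P<name>\S+)-(?P<ver>[^-\s]+) is vulnerable:$")
SUMMARY_RE = re.compile(r"^(\d+) problem\(s\) in (\d+) installed package\(s\) found\.$")

def parse_audit(text):
    """Return (findings, reported_problem_count); the count is None without a summary line."""
    findings, reported, current = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = PKG_RE.match(line)
        if m:  # a new "<pkg>-<version> is vulnerable:" block starts here
            current = Finding(m["name"], m["ver"])
            findings.append(current)
            continue
        s = SUMMARY_RE.match(line)
        if s:  # the summary line closes the last block
            reported, current = int(s.group(1)), None
            continue
        if current is None or not line or line.startswith("***"):
            continue  # banner, status and blank lines carry no finding data
        if line.startswith("CVE:"):
            current.cves.append(line[4:].strip())
        elif line.startswith("WWW:"):
            current.urls.append(line[4:].strip())
        elif not current.title:  # first free-text line in a block is the advisory title
            current.title = line
    return findings, reported
```

Comparing the number of parsed CVE entries with the reported problem count is a quick way to notice when a report was truncated or its layout differs from the one assumed here.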