HI
I am fully up to date but when i run a security audit i get the following (see below)
I have looked at the link and not sure what to do it just tells me i have issues but no way to fix it ??
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.1.2 at Thu Mar 9 15:09:02 GMT 2023
vulnxml file up-to-date
curl-7.87.0_1 is vulnerable:
curl -- multiple vulnerabilities
CVE: CVE-2023-23916
CVE: CVE-2023-23915
CVE: CVE-2023-23914
WWW: https://vuxml.FreeBSD.org/freebsd/be233fc6-bae7-11ed-a4fb-080027f5fec9.html
1 problem(s) in 1 installed package(s) found.
***DONE***
I noticed the same issue still exists; I'm running 23.1.3.
My security audit output:
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.1.3 at Fri Mar 10 14:30:15 PST 2023
vulnxml file up-to-date
curl-7.87.0_1 is vulnerable:
curl -- multiple vulnerabilities
CVE: CVE-2023-23916
CVE: CVE-2023-23915
CVE: CVE-2023-23914
WWW: https://vuxml.FreeBSD.org/freebsd/be233fc6-bae7-11ed-a4fb-080027f5fec9.html
1 problem(s) in 1 installed package(s) found.
***DONE***
The last CVE listed, CVE-2023-23914, is a 9.1 critical
QuoteI have looked at the link and not sure what to do it just tells me i have issues but no way to fix it ??
if you not using curl like 'curl --hsts "" https://curl.se http://curl.se' on your opnsense then you probably no need to worry ;)
freebsd port is not updated yet afaik
Please don't report issues to us reported by the security health check, they are already known and highly likely a fix is pending for the next release.https://docs.opnsense.org/security.html
I was reporting once like you guys than readed docs, and I still do