I ran a security audit and got the following.

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.1.9 at Mon Jun 5 19:21:32 PDT 2023
vulnxml file up-to-date
openssl-1.1.1t_2,1 is vulnerable:
OpenSSL -- Possible DoS translating ASN.1 identifiers
CVE: CVE-2023-2650
WWW: https://vuxml.FreeBSD.org/freebsd/eb9a3c57-ff9e-11ed-a0d1-84a93843eb75.html
py39-setuptools-63.1.0 is vulnerable:
py39-setuptools -- denial of service vulnerability
CVE: CVE-2022-40897
WWW: https://vuxml.FreeBSD.org/freebsd/1b38aec4-4149-4c7d-851c-3c4de3a1fbd0.html
2 problem(s) in 2 installed package(s) found.
***DONE***

I've seen posts dating back to 2021/2022 that talk about similar or possibly the same issue. Is there any concern?
Thank you

A lot to unpack...
> CVE-2023-2650
> I've seen posts dating back to 2021/2022 that talk about similar or possibly the same issue.
That seems unlikely.
> CVE-2022-40897
It's been in FreeBSD ports for some weeks now. It doesn't look very relevant to normal operation.
> Is there any concern?
Depends on the question ;)
Is there any concern to make known vulnerabilities public? No.
Is there any concern to know vulnerabilities exist? No.
Is there any concern to the security of your installation? I don't know.
Cheers,
Franco

Thanks for clarifying, Franco. 👍