OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: InFlammen on August 12, 2024, 03:11:37 PM

Title: CVE-2024-7589 (OpenSSH pre-authentication)
Post by: InFlammen on August 12, 2024, 03:11:37 PM
I believe this urgent patch couldn't make it into 24.7.1?  :-\

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:08.openssh.asc
https://thehackernews.com/2024/08/freebsd-releases-urgent-patch-for-high.html
Title: Re: CVE-2024-7589 (OpenSSH pre-authentication)
Post by: franco on August 12, 2024, 03:14:29 PM
We don't build OpenSSH from src.git:

https://github.com/opnsense/tools/blob/382f837cd0d4b0478202ac26c85c4dea5b09d6ee/config/24.7/src.conf#L24

And in ports apparently you need the BLACKLISTD option to be vulnerable for openssh-portable:

# pkg info openssh-portable | grep BLACKLISTD
   BLACKLISTD     : off


Cheers,
Franco
Title: Re: CVE-2024-7589 (OpenSSH pre-authentication)
Post by: InFlammen on August 12, 2024, 03:16:31 PM
Good to know. Thanks!!!  8)