OPNsense Forum
Archive => 19.7 Legacy Series => Topic started by: bruci3 on December 31, 2019, 11:12:50 pm
-
Hi all,
I just updated my Opnsense to latest version.
OPNsense 19.7.8-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.0.2t 10 Sep 2019
I got this when running security audit:
***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
openssl-1.0.2t,1 is vulnerable:
OpenSSL -- Overflow vulnerability
CVE: CVE-2019-1551
WWW: https://vuxml.FreeBSD.org/freebsd/d778ddb0-2338-11ea-a1c7-b499baebfeaf.html
1 problem(s) in 1 installed package(s) found.
***DONE***
Should I be concerned? If so, is there anything I can do about it?
-
Looks like it is only triggered on key generation and only when generating weak keys.
-
Thanks for the prompt reply.
-
Guys, please don't post vulnerability reports. We do all get the same report and we already work on inclusion whether you've seen it or not. ;)
The report is solely for you in three separate ways:
1. You know a security bug was found in the software and somebody is/was working on a fix.
2. You know the details to be able to mitigate the issue if possible.
3. You know an OPNsense update is coming eventually to address this.
Cheers,
Franco