OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: mcc85s on February 02, 2020, 06:03:43 pm

Title: CVE-2019-18634, CVE-2020-7450
Post by: mcc85s on February 02, 2020, 06:03:43 pm
Reporting (2) CVEs after upgrading to [20.1]

***GOT REQUEST TO AUDIT SECURITY***
Fetching vuln.xml.bz2: .......... done
sudo-1.8.30 is vulnerable:
sudo -- Potential bypass of Runas user restrictions
CVE: CVE-2019-18634
WWW: https://vuxml.FreeBSD.org/freebsd/b4e5f782-442d-11ea-9ba9-206a8a720317.html

pkg-1.12.0 is vulnerable:
pkg -- vulnerability in libfetch
CVE: CVE-2020-7450
WWW: https://vuxml.FreeBSD.org/freebsd/2af10639-4299-11ea-aab1-98fa9bfec35a.html

2 problem(s) in 2 installed package(s) found.
***DONE***
Title: Re: CVE-2019-18634, CVE-2020-7450
Post by: chemlud on February 02, 2020, 06:06:35 pm
...this info is for your personal use, not for posting here ;-)
Title: Re: CVE-2019-18634, CVE-2020-7450
Post by: mcc85s on February 02, 2020, 06:30:13 pm
Ok, what about for the developers?
Title: Re: CVE-2019-18634, CVE-2020-7450
Post by: mimugmail on February 02, 2020, 06:46:15 pm
They are also aware of this :)
Title: Re: CVE-2019-18634, CVE-2020-7450
Post by: chemlud on February 02, 2020, 08:05:20 pm
Ok, what about for the developers?

...they also know how to press a button in their software... :-)