OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: sorano on September 08, 2021, 06:55:51 pm
-
Just a heads up to my fellow HAProxy users.
HAProxy has a vulnerability that is quite nasty; see the following GitHub link for mitigation until a fixed version is available:
https://github.com/haproxy/haproxy/commit/3b69886f7dcc3cfb3d166309018e6cfec9ce2c95
-
Hi,
Is there a guide somewhere on how to apply the workaround, or has this already been resolved in the 21.7.3_3 update which I'm already running?
Thanks
Gareth
-
This was fixed in 21.7.3 but forgotten in the release notes.
-
Since HAProxy is not part of our core, plugin maintainers need to write release notes for their plugins, and those are properly linked in the release notes if updates exist. As of now, no maintainer writes release notes for binary package updates. It is what it is.
Cheers,
Franco
-
Hi Franco,
No worries on that, just wanted to check if there was anything else I needed to do.
Thanks very much for the help guys :)
Gareth
-
Usually the FreeBSD security audit works, but it was broken for two weeks, which made it a little harder to know what was actually fixed and what was not beyond the scope of our release notes:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258802
Also our nightly builds offer audit capability over all binary packages we provide (not just core dependencies):
https://nightly.opnsense.org/22.1/amd64/logs/202110060005/11-audit-OpenSSL.log.err
>>> The following vulnerable packages exist:
consul-1.9.9 is vulnerable
redis-6.2.5_1 is vulnerable
*** Error code 1
Long story short, it's best to ask for help here if the situation is unclear. I just wanted to comment on the "forgotten" part that this was actually not the case because it was out of immediate scope. :)
Cheers,
Franco