OPNsense Forum
Archive => 23.1 Legacy Series => Topic started by: buddystad on July 28, 2023, 04:12:49 pm
-
Hello,
I sent this question to a guru. He is probably on vacation I guess. So I am posting it here.
I recently installed OPNsense 23.1.11, and the security auditing showed one vulnerability related to the default openssh-portable-9.3.p1. So I downloaded the openssh-9.3.p2, trying to avoid the vulnerability. The new openssh is working.
Now the auditing still shows the vulnerable 9.3.p1. So I tried to remove the old 9.3.p1, it always tells me it would remove the opnsense kernel 23.1.11 as well.
So, is there a way to just remove the openssh-9.3.p1 without touching the opnsense 23.1.11? Or is it safe to keep the old p2?
Appreciate it
Buddy S.
-
No need to fret, 23.7 will be out on Monday July 31st and has all the latest patches. There's no manual intervention needed.
As a side note, if running on older/slower HW with no visibility into the boot up process, please remember that an APU can take 15+ minutes from the moment it finishes all downloads and starts rebooting until it is back up online. No other action would be required other than patience.
-
Thank you new sense for the kind reply.
I may use the 23.7, even though I am not sure it's a good idea to load this 23.7 right away.
Anyhow, I am still curious about how to remove the openssh-9.3.p1, not touching the opnsense kernel for sure.
Moreover, can we upgrade to 23.7 directly from 23.1.11? Cause we know 23.7 is on FreeBSD 13.2, 23.1.11 on 13.1.
I assume my current HW running 23.1.11 would be fine with the 23.7. Please correct me if not.
Thanks a lot
-
I've been running the 13.2 kernel/base pkgs since early June on multiple FWs, the 23..r1-3 releases were rather uneventful and I've already upgraded everything to 23.7.
I don't exclude the random IPv6 or PPPoE issue here and there to creep up, and those using Zenarmor will have to wait most likely for the green light as usual, however I see no reason to wait going to 23.7 as soon as the enablement package is published.
HW-wise you'll be fine. I'd recommend installing the os-hw-probe plugin, which will be useful for the FreeBSD devs in knowing what hardware is running FreeBSD and what may need attention.