OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: Julien on February 24, 2017, 11:18:24 am

Title: audit error after update to 17.1.2
Post by: Julien on February 24, 2017, 11:18:24 am
Dear all,
After updating to version 17.1.2, we ran an audit and got this error, see below.


Code:
***GOT REQUEST TO AUDIT***
vulnxml file up-to-date
curl-7.52.1_1 is vulnerable:
cURL -- ocsp status validation error
CVE: CVE-2017-2629
WWW: https://vuxml.FreeBSD.org/freebsd/311e4b1c-f8ee-11e6-9940-b499baebfeaf.html

1 problem(s) in the installed packages found.
***DONE***

Are we supposed to do something to fix this?

Thank you
Title: Re: audit error after update to 17.1.2
Post by: netranger on February 25, 2017, 01:02:48 pm
Looks like it's normal that this thing is vulnerable :o

https://curl.haxx.se/docs/vulnerabilities.html

Not sure if there is a way or need to update this thing manually, or if we should just wait for the next patch.
Title: Re: audit error after update to 17.1.2
Post by: franco on February 27, 2017, 01:08:35 pm
The same audit report would have happened on 17.1.1 or 17.1 since it checks against the external FreeBSD ports/packages vulnerability database.

It helps with vulnerability management and raises awareness for likely issues for missing firmware updates.

But note that we do not always steer firmware upgrades because an audit report pops up; that's impossible for syncing up 150 installed packages, especially because the release procedure takes 2 days to complete for us.


Cheers,
Franco
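
Added example, not part of the original thread and not OPNsense code: a small parser that turns audit output in the format quoted in the first post into structured findings, so reports can be compared between firmware versions. The function name `parse_audit` is hypothetical and the line layout is assumed to match the sample above.

```python
import re

# Constructed sample: the audit output quoted in the first post of this thread.
SAMPLE = """\
***GOT REQUEST TO AUDIT***
vulnxml file up-to-date
curl-7.52.1_1 is vulnerable:
cURL -- ocsp status validation error
CVE: CVE-2017-2629
WWW: https://vuxml.FreeBSD.org/freebsd/311e4b1c-f8ee-11e6-9940-b499baebfeaf.html

1 problem(s) in the installed packages found.
***DONE***
"""

# The version is everything after the last hyphen of "<name>-<version>".
PKG_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+) is vulnerable:$")
COUNT_RE = re.compile(r"^(\d+) problem\(s\) in the installed packages found\.$")


def parse_audit(text):
    """Return (findings, reported_count) parsed from audit output."""
    findings, current, issue, reported = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        pkg = PKG_RE.match(line)
        if pkg:
            # A new vulnerable package starts a new finding.
            current = {"package": pkg["name"], "version": pkg["version"], "issues": []}
            findings.append(current)
            issue = None
            continue
        count = COUNT_RE.match(line)
        if count:
            reported, current = int(count.group(1)), None
            continue
        # Skip banners, blank lines and anything outside a package block.
        if current is None or not line or line.startswith("***"):
            continue
        if line.startswith("CVE:") and issue:
            issue["cves"].append(line.split(":", 1)[1].strip())
        elif line.startswith("WWW:") and issue:
            issue["url"] = line.split(":", 1)[1].strip()
        else:
            # Any other line inside a package block is an issue summary.
            issue = {"summary": line, "cves": [], "url": None}
            current["issues"].append(issue)
    return findings, reported
```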