OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: comet on December 17, 2017, 07:26:22 am
-
Got this on a router audit:
***GOT REQUEST TO AUDIT***
Fetching vuln.xml.bz2: .......... done
libxml2-2.9.4 is vulnerable:
libxml2 -- Multiple Issues
CVE: CVE-2017-9050
CVE: CVE-2017-9049
CVE: CVE-2017-9048
CVE: CVE-2017-9047
CVE: CVE-2017-8872
WWW: https://vuxml.FreeBSD.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html
1 problem(s) in the installed packages found.
***DONE***
-
Saw that one too.
-
Hi guys,
It's true. The database is provided via FreeBSD for your pleasure. Check the CVEs and mitigate if necessary.
You can install the port if you want to mitigate via the system and restart the appropriate services:
# opnsense-code tools ports
# cd /usr/ports/textproc/libxml2
# make
# make deinstall install
17.7.11 will fix this one for sure, but in general the vulnerabilities do not necessarily adhere to our release schedule. ;)
Cheers,
Franco