OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: vividou on March 05, 2018, 07:18:01 pm

Title: update 18.1.3: audit security problem?
Post by: vividou on March 05, 2018, 07:18:01 pm
Hello,

After updating Opnsense to the version 18.1.3, the security audit returns the following message:
Code: [Select]
***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
isc-dhcp43-client-4.3.6 is vulnerable:
isc-dhcp -- Multiple vulnerabilities
CVE: CVE-2018-5733
CVE: CVE-2018-5732
WWW: https://vuxml.FreeBSD.org/freebsd/2040c7f5-1e3a-11e8-8ae9-0050569f0b83.html

1 problem(s) in the installed packages found.
***DONE***

Is it a bug?
Title: Re: update 18.1.3: audit security problem?
Post by: guest15389 on March 05, 2018, 10:10:43 pm
No. That's just a feature they so you can see what CVEs are out there for certain things. They'll usually patch it at some point :)
Title: Re: update 18.1.3: audit security problem?
Post by: franco on March 06, 2018, 07:48:38 am
Release builds take 1-2 days normally, this time around we also waited for the weekend to clear. That makes 4 days where new CVEs become known that can't magically make it into a prepared release.

We're preparing for 18.1.4 on Thursday.


Cheers,
Franco