Show Posts
1
20.1 Legacy Series / security audit shows 5 CVEs but no updates available
« on: June 15, 2020, 06:16:29 pm »
I think I'm fully up to date, running the following versions according to the dashboard:
- OPNsense 20.1.7-amd64
- FreeBSD 11.2-RELEASE-p20-HBSD
- OpenSSL 1.1.1g 21 Apr 2020
Checking for updates shows none available, but the security audit shows problems with the following packages:
- python37-3.7.7 (2 CVEs)
- libnghttp2-1.40.0
- unbound-1.10.0
- json-c-0.13.1_1
Is this expected. Should I be looking somewhere other than Firmware Updates in the Web UI to update these packages?
Thanks
- OPNsense 20.1.7-amd64
- FreeBSD 11.2-RELEASE-p20-HBSD
- OpenSSL 1.1.1g 21 Apr 2020
Checking for updates shows none available, but the security audit shows problems with the following packages:
- python37-3.7.7 (2 CVEs)
- libnghttp2-1.40.0
- unbound-1.10.0
- json-c-0.13.1_1
Is this expected. Should I be looking somewhere other than Firmware Updates in the Web UI to update these packages?
Thanks