Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - reachmedia

Pages1
#1
21.1 Legacy Series / Re: Run security audit
April 21, 2021, 12:29:35 PM
Hi Franco,

Apologies ... i ran updates before you posted 21.1.5, which I just ran again and saw it. Its just to highlight the issues. :)

Thanks
#2
21.1 Legacy Series / Run security audit
April 21, 2021, 12:01:30 PM
Hi opnsense,

Please advise.

Just ran a security audit and the below is shown:

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.1.4 (amd64/OpenSSL) at Wed Apr 21 17:58:46 +08 2021
Fetching vuln.xml.bz2: .......... done
curl-7.75.0 is vulnerable:
curl -- Automatic referer leaks credentials
CVE: CVE-2021-22876
WWW: https://vuxml.freebsd.org/freebsd/b1194286-958e-11eb-9c34-080027f515ea.html

curl-7.75.0 is vulnerable:
curl -- TLS 1.3 session ticket proxy host mixup
CVE: CVE-2021-22890
WWW: https://vuxml.freebsd.org/freebsd/d10fc771-958f-11eb-9c34-080027f515ea.html

nettle-3.6 is vulnerable:
nettle 3.7.2 -- fix serious ECDSA signature verify bug
WWW: https://vuxml.freebsd.org/freebsd/80f9dbd3-8eec-11eb-b9e8-3525f51429a0.html

dnsmasq-2.84,1 is vulnerable:
dnsmasq -- cache poisoning vulnerability in certain configurations
CVE: CVE-2021-3448
WWW: https://vuxml.freebsd.org/freebsd/5b72b1ff-877c-11eb-bd4f-2f1d57dafe46.html

4 problem(s) in 3 installed package(s) found.
***DONE***
Pages1