Messages

1

21.7 Legacy Series / Re: Security Issues

« on: December 13, 2021, 06:44:38 pm »

okay thanks dev. I use ruby so was just curious thanks for a update. Great to see the devs are active with there members.

2

21.7 Legacy Series / Re: Security Issues

« on: December 10, 2021, 08:39:58 pm »

Doesn't answer my question in full tho these bugs have been there for two releases now

3

21.7 Legacy Series / Security Issues

« on: December 10, 2021, 07:48:18 pm »

Is the team aware of the 4 security bugs

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.6 (amd64/OpenSSL) at Fri Dec 10 10:47:31 PST 2021
vulnxml file up-to-date
nss-3.72 is vulnerable:
  NSS -- Memory corruption
  CVE: CVE-2021-43527
  WWW: https://vuxml.FreeBSD.org/freebsd/47695a9c-5377-11ec-8be6-d4c9ef517024.html

ruby-2.7.4,1 is vulnerable:
  rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods
  CVE: CVE-2021-41817
  WWW: https://vuxml.FreeBSD.org/freebsd/6916ea94-4628-11ec-bbe2-0800270512f4.html

  rubygem-cgi -- buffer overrun in CGI.escape_html
  CVE: CVE-2021-41816
  WWW: https://vuxml.FreeBSD.org/freebsd/2c6af5c3-4d36-11ec-a539-0800270512f4.html

  rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
  CVE: CVE-2021-41819
  WWW: https://vuxml.FreeBSD.org/freebsd/4548ec97-4d38-11ec-a539-0800270512f4.html

4 problem(s) in 2 installed package(s) found.
***DONE***