Messages - Brother4Life760

#1
21.7 Legacy Series / Re: Security Issues
December 13, 2021, 06:44:38 PM
Okay, thanks dev. I use Ruby so was just curious; thanks for an update. Great to see the devs are active with their members.
#2
21.7 Legacy Series / Re: Security Issues
December 10, 2021, 08:39:58 PM
Doesn't answer my question in full, though; these bugs have been there for two releases now.
#3
21.7 Legacy Series / Security Issues
December 10, 2021, 07:48:18 PM
Is the team aware of the 4 security bugs?

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.6 (amd64/OpenSSL) at Fri Dec 10 10:47:31 PST 2021
vulnxml file up-to-date
nss-3.72 is vulnerable:
  NSS -- Memory corruption
  CVE: CVE-2021-43527
  WWW: https://vuxml.freebsd.org/freebsd/47695a9c-5377-11ec-8be6-d4c9ef517024.html

ruby-2.7.4,1 is vulnerable:
  rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods
  CVE: CVE-2021-41817
  WWW: https://vuxml.freebsd.org/freebsd/6916ea94-4628-11ec-bbe2-0800270512f4.html

  rubygem-cgi -- buffer overrun in CGI.escape_html
  CVE: CVE-2021-41816
  WWW: https://vuxml.freebsd.org/freebsd/2c6af5c3-4d36-11ec-a539-0800270512f4.html

  rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
  CVE: CVE-2021-41819
  WWW: https://vuxml.freebsd.org/freebsd/4548ec97-4d38-11ec-a539-0800270512f4.html

4 problem(s) in 2 installed package(s) found.
***DONE***