Messages - b1k3rdude

#1
Quote from: b1k3rdude on June 15, 2024, 11:17:54 PM
So I am now running 24.1.8 and the 3 things I learned were -

- use SSH/console for updating/upgrading, as doing this through the webGUI is unreliable or won't work at all.
- pressing Q (not esc, space, enter) will quit the text file when attempting an update via the console.
- even though progress would appear to have hung when doing the update via the console via SSH, clicking into and pressing enter will refresh the window.

So thank you everyone that helped and gave advice (Franco, Patrick and Newsense), that helped me to help myself. The issue can be marked as resolved :-)
Just an update to first point. I just noticed that on the update tab on the webGUI, I had NOT been scrolling all the way to the bottom. So all this time when checking for updates I thought it was failing, you live and learn. Just updated to 24.1.9_3, doh!
#2
So I am now running 24.1.8 and the 3 things I learned were -

- use SSH/console for updating/upgrading, as doing this through the webGUI is unreliable or won't work at all.
- pressing Q (not esc, space, enter) will quit the text file when attempting an update via the console.
- even though progress would appear to have hung when doing the update via the console via SSH, clicking into and pressing enter will refresh the window.

So thank you everyone that helped and gave advice (Franco, Patrick and Newsense), that helped me to help myself. The issue can be marked as resolved :-)
#3
So upgrading with the Webgui never seems to actually do an upgrade/update. I have had to do every update/upgrade via the console via SSH.

I'm now running 24.1.5_3 and am trying to update to 24.1.8...
#4
So that worked, but I had to manually reboot via SSH despite being asked to and rebooting after doing the upgrade. So now I am on 23.7.13_5.

But I'm having to type this reply from my phone, because I am getting access denied on the desktop, wtf? It's like I've been IP blocked for some reason, if so why?
#5
Hah, bloody surmised it might be something simple like that.. bah!

Well between my reply above and now I did a search "trying to do update from console stuck on readable opnsense" which then led me to the following post -

- https://forum.opnsense.org/index.php?topic=30836.0

This then made me aware that "opnsense-update" was changed to "opnsense-update -bkp", and I obviously wasn't aware of this. So am doing an update via the CLI as I type this...

Will be back with the result.
#6
Quote from: franco on June 13, 2024, 06:24:39 PM
PS: Not sure why your health audit claims everything is on 23.7, but in this case going to 23.7.12 should be trivial?
How would I do this if both attempting via the webGUI and manually via SSH and the console fail..?

And when doing so via SSH and the console, I mean it displays a readme/txt output, but I don't know how to continue from that point. Pressing escape, space or enter does nothing
#7
Atm it's default>community, but get the same issue if I specify a local mirror. Checking my post above it looks like one of the errors is "Error updating repositories!" and it's trying to connect via IPv6 only, why isn't it trying to also update via IPv4 or is that a red herring..?

That and when connecting to what looks like the repo for the version on my box (https://www.mirrorservice.org/sites/opnsense.org/FreeBSD:13:amd64/23.7), why isn't it looking to update to a later version..?

Where there might be an upgrade log, but I've not been able to find it. Where 'exactly' is it supposed to be located? as I'm not seeing anything with the keyword 'upgrade' in the section "System: Log Files: Audit" for example.
#8
Hi Franco

I don't know where to obtain that from, but (see below) for the system>firmware> audit outputs.

And I have attached a copy of the update popup I get when trying to do an update via the web-GUI.


Connectivity:
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 23.7 at Thu Jun 13 12:13:09 BST 2024
Checking connectivity for host: www.mirrorservice.org -> 212.219.56.184
PING 212.219.56.184 (212.219.56.184): 1500 data bytes
1508 bytes from 212.219.56.184: icmp_seq=1 ttl=53 time=10.464 ms
1508 bytes from 212.219.56.184: icmp_seq=2 ttl=53 time=8.980 ms
1508 bytes from 212.219.56.184: icmp_seq=3 ttl=53 time=9.976 ms

--- 212.219.56.184 ping statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/stddev = 8.980/9.807/10.464/0.617 ms
Checking connectivity for repository (IPv4): https://www.mirrorservice.org/sites/opnsense.org/FreeBSD:13:amd64/23.7
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 863 packages processed.
All repositories are up to date.
Checking connectivity for host: www.mirrorservice.org -> 2001:630:341:12::184
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://www.mirrorservice.org/sites/opnsense.org/FreeBSD:13:amd64/23.7
Updating OPNsense repository catalogue...
pkg: https://www.mirrorservice.org/sites/opnsense.org/FreeBSD:13:amd64/23.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://www.mirrorservice.org/sites/opnsense.org/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://www.mirrorservice.org/sites/opnsense.org/FreeBSD:13:amd64/23.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***

Health:
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 23.7 at Thu Jun 13 12:20:00 BST 2024
>>> Check installed kernel version
Version 23.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 23.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
No plugins found.
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: .
beep-1.0_1 version mismatch, expected 1.0_2
Checking packages: .
ca_root_nss-3.91 version mismatch, expected 3.93
Checking packages: .
choparp-20150613 version mismatch, expected 20150613_1
Checking packages: ......
filterlog-0.7 version mismatch, expected 0.7_1
Checking packages: ...
hostapd-2.10_5 version mismatch, expected 2.10_8
Checking packages: .....
lighttpd-1.4.71 version mismatch, expected 1.4.73
Checking packages: ..
mpd5-5.9_16 version mismatch, expected 5.9_17
Checking packages: .
ntp-4.2.8p17 version mismatch, expected 4.2.8p17_1
Checking packages: .
openssh-portable-9.3.p2,1 version mismatch, expected 9.6.p1_1,1
Checking packages: .
openvpn-2.6.5 version mismatch, expected 2.6.8_1
Checking packages: .
opnsense-23.7 version mismatch, expected 23.7.12_5
Checking packages: .
opnsense-installer-23.1 version mismatch, expected 24.1
Checking packages: .
opnsense-lang-22.7.3 version mismatch, expected 23.7.11
Checking packages: .
opnsense-update-23.7 version mismatch, expected 23.7.10_1
Checking packages: ..
pftop-0.8_4 version mismatch, expected 0.10
Checking packages: .
php82-ctype-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-curl-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-dom-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-filter-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-gettext-8.2.8 version mismatch, expected 8.2.14
Checking packages: ..
php82-ldap-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-pdo-8.2.8 version mismatch, expected 8.2.14
Checking packages: ...
php82-phalcon-5.2.3 version mismatch, expected 5.3.1
Checking packages: .
php82-phpseclib-3.0.19 version mismatch, expected 3.0.34
Checking packages: .
php82-session-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-simplexml-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-sockets-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-sqlite3-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-xml-8.2.8 version mismatch, expected 8.2.14
Checking packages: .
php82-zlib-8.2.8 version mismatch, expected 8.2.14
Checking packages: ...
py39-dnspython-2.4.0,1 version mismatch, expected 2.4.2,1
Checking packages: ..
py39-netaddr-0.8.0 version mismatch, expected 0.10.1
Checking packages: .
py39-numpy-1.25.0,1 version mismatch, expected 1.25.0_4,1
Checking packages: ...
py39-sqlite3-3.9.17_7 version mismatch, expected 3.9.18_7
Checking packages: .
py39-ujson-5.8.0 version mismatch, expected 5.9.0
Checking packages: ...
rrdtool-1.8.0_2 version mismatch, expected 1.8.0_3
Checking packages: ..
squid-5.9 version mismatch, expected 6.6
Checking packages: .
strongswan-5.9.10_2 version mismatch, expected 5.9.13
Checking packages: .
sudo-1.9.14p3 version mismatch, expected 1.9.15p5
Checking packages: .
suricata-6.0.13_1 version mismatch, expected 6.0.15
Checking packages: .
syslog-ng-4.2.0 version mismatch, expected 4.4.0
Checking packages: .
unbound-1.17.1_3 version mismatch, expected 1.19.0
Checking packages: .
wpa_supplicant-2.10_6 version mismatch, expected 2.10_10
Checking packages: . done
***DONE***

Security:
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.7 at Thu Jun 13 12:23:41 BST 2024
Fetching vuln.xml.xz: .......... done
unbound-1.17.1_3 is vulnerable:
  DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
  CVE: CVE-2023-50868
  CVE: CVE-2023-50387
  WWW: https://vuxml.freebsd.org/freebsd/21a854cc-cac1-11ee-b7a7-353f1e043d9a.html

openssl-1.1.1u,1 is vulnerable:
  OpenSSL -- Multiple vulnerabilities
  CVE: CVE-2023-6237
  CVE: CVE-2024-0727
  WWW: https://vuxml.freebsd.org/freebsd/10dee731-c069-11ee-9190-84a93843eb75.html

  OpenSSL -- Vector register corruption on PowerPC
  CVE: CVE-2023-6129
  WWW: https://vuxml.freebsd.org/freebsd/8337251b-b07b-11ee-b0d7-84a93843eb75.html

  OpenSSL -- Denial of Service vulnerability
  CVE: CVE-2024-4603
  WWW: https://vuxml.freebsd.org/freebsd/b88aa380-1442-11ef-a490-84a93843eb75.html

  OpenSSL -- Excessive time spent checking DH q parameter value
  CVE: CVE-2023-3817
  WWW: https://vuxml.freebsd.org/freebsd/bad6588e-2fe0-11ee-a0d1-84a93843eb75.html

  OpenSSL -- Use after free vulnerability
  CVE: CVE-2024-4741
  WWW: https://vuxml.freebsd.org/freebsd/73a697d7-1d0f-11ef-a490-84a93843eb75.html

  OpenSSL -- DoS in DH generation
  CVE: CVE-2023-5678
  WWW: https://vuxml.freebsd.org/freebsd/a5956603-7e4f-11ee-9df6-84a93843eb75.html

  OpenSSL -- potential loss of confidentiality
  CVE: CVE-2023-5363
  WWW: https://vuxml.freebsd.org/freebsd/4a4712ae-7299-11ee-85eb-84a93843eb75.html

  OpenSSL -- Unbounded memory growth with session handling in TLSv1.3
  CVE: CVE-2024-2511
  WWW: https://vuxml.freebsd.org/freebsd/7c217849-f7d7-11ee-a490-84a93843eb75.html

openvpn-2.6.5 is vulnerable:
  openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak
  CVE: CVE-2023-46850
  CVE: CVE-2023-46849
  WWW: https://vuxml.freebsd.org/freebsd/2fe004f5-83fd-11ee-9f5d-31909fb2f495.html

krb5-1.21.1 is vulnerable:
  krb5 -- Double-free in KDC TGS processing
  CVE: CVE-2023-39975
  WWW: https://vuxml.freebsd.org/freebsd/a6986f0f-3ac0-11ee-9a88-206a8a720317.html

python39-3.9.17 is vulnerable:
  Python -- multiple vulnerabilities
  CVE: CVE-2023-40217
  WWW: https://vuxml.freebsd.org/freebsd/a57472ba-4d84-11ee-bf05-000c29de725b.html

php82-8.2.8 is vulnerable:
  php -- Multiple vulnerabilities
  CVE: CVE-2024-2757
  CVE: CVE-2024-3096
  CVE: CVE-2024-2756
  CVE: CVE-2024-1874
  WWW: https://vuxml.freebsd.org/freebsd/6d82c5e9-fc24-11ee-a689-04421a1baf97.html

curl-8.1.2 is vulnerable:
  curl -- HTTP headers eat all memory
  CVE: CVE-2023-38039
  WWW: https://vuxml.freebsd.org/freebsd/833b469b-5247-11ee-9667-080027f5fec9.html

  curl -- SOCKS5 heap buffer overflow
  CVE: CVE-2023-38545
  WWW: https://vuxml.freebsd.org/freebsd/d6c19e8c-6806-11ee-9464-b42e991fc52e.html

  curl -- OCSP verification bypass with TLS session reuse
  CVE: CVE-2024-0853
  WWW: https://vuxml.freebsd.org/freebsd/02e33cd1-c655-11ee-8613-08002784c58d.html

suricata-6.0.13_1 is vulnerable:
  suricata -- multiple vulnerabilities
  CVE: CVE-2024-23837
  CVE: CVE-2024-24568
  CVE: CVE-2024-23835
  CVE: CVE-2024-23836
  CVE: CVE-2024-23839
  WWW: https://vuxml.freebsd.org/freebsd/979dc373-d27d-11ee-8b84-b42e991fc52e.html

squid-5.9 is vulnerable:
  squid -- Multiple vulnerabilities
  WWW: https://vuxml.freebsd.org/freebsd/a8fb8e3a-730d-11ee-ab61-b42e991fc52e.html

strongswan-5.9.10_2 is vulnerable:
  strongSwan -- vulnerability in charon-tkm
  CVE: CVE-2023-41913
  WWW: https://vuxml.freebsd.org/freebsd/a62c0c50-8aa0-11ee-ac0d-00e0670f2660.html

19 problem(s) in 10 installed package(s) found.
***DONE***


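The three audit blocks above (connectivity, health, security) are the evidence a defender actually needs from a box stuck on an old release: which core packages are behind the expected version, and which installed packages carry open advisories. The following is an added example, not part of the forum post or of OPNsense itself; it parses the "version mismatch" lines of the health audit and the "is vulnerable:" blocks of the security audit into structured findings and cross-references the two, so you can see which stale packages are also the ones with CVEs. The embedded sample text is a constructed, trimmed excerpt in the same shape as the output posted above; the CVE ids and vuxml URLs in it are copied from that output.

```python
import re

# Constructed sample, trimmed from the shape of the health audit posted in the thread.
HEALTH_SAMPLE = """\
>>> Check for core packages consistency
Core package "opnsense" has 67 dependencies to check.
Checking packages: .
beep-1.0_1 version mismatch, expected 1.0_2
Checking packages: .
openssh-portable-9.3.p2,1 version mismatch, expected 9.6.p1_1,1
Checking packages: ...
py39-dnspython-2.4.0,1 version mismatch, expected 2.4.2,1
Checking packages: .
unbound-1.17.1_3 version mismatch, expected 1.19.0
Checking packages: . done
***DONE***
"""

# Constructed sample, trimmed from the shape of the security audit posted in the thread.
SECURITY_SAMPLE = """\
Fetching vuln.xml.xz: .......... done
unbound-1.17.1_3 is vulnerable:
  DNSSEC validators -- denial-of-service/CPU exhaustion from KeyTrap and NSEC3 vulnerabilities
  CVE: CVE-2023-50868
  CVE: CVE-2023-50387
  WWW: https://vuxml.freebsd.org/freebsd/21a854cc-cac1-11ee-b7a7-353f1e043d9a.html

openssl-1.1.1u,1 is vulnerable:
  OpenSSL -- Multiple vulnerabilities
  CVE: CVE-2023-6237
  CVE: CVE-2024-0727
  WWW: https://vuxml.freebsd.org/freebsd/10dee731-c069-11ee-9190-84a93843eb75.html

  OpenSSL -- Use after free vulnerability
  CVE: CVE-2024-4741
  WWW: https://vuxml.freebsd.org/freebsd/73a697d7-1d0f-11ef-a490-84a93843eb75.html

squid-5.9 is vulnerable:
  squid -- Multiple vulnerabilities
  WWW: https://vuxml.freebsd.org/freebsd/a8fb8e3a-730d-11ee-ab61-b42e991fc52e.html

4 problem(s) in 3 installed package(s) found.
***DONE***
"""

MISMATCH_RE = re.compile(r"^(?P<pkg>\S+) version mismatch, expected (?P<expected>\S+)$")
VULN_RE = re.compile(r"^(?P<pkg>\S+) is vulnerable:$")
FOOTER_RE = re.compile(r"^(?P<problems>\d+) problem\(s\) in (?P<packages>\d+) installed package\(s\) found\.$")


def split_pkg(pkg):
    """FreeBSD package strings are <name>-<version>; the version starts after the last '-'."""
    name, _, version = pkg.rpartition("-")
    return name, version


def parse_health(text):
    """Return one dict per 'version mismatch' line: name, installed version, expected version."""
    stale = []
    for line in text.splitlines():
        m = MISMATCH_RE.match(line.strip())
        if m:
            name, installed = split_pkg(m.group("pkg"))
            stale.append({"name": name, "installed": installed, "expected": m.group("expected")})
    return stale


def parse_security(text):
    """Map package name -> {'version', 'advisories': [{'title', 'cves', 'www'}]}.

    An advisory block is: an indented title line, zero or more 'CVE:' lines and a
    'WWW:' line; a blank line ends the block, and a package can own several blocks.
    """
    findings = {}
    current = None   # package entry the following indented lines belong to
    advisory = None  # advisory block currently being filled
    for raw in text.splitlines():
        if not raw.strip():
            advisory = None
            continue
        m = VULN_RE.match(raw)
        if m:
            name, version = split_pkg(m.group("pkg"))
            current = findings.setdefault(name, {"version": version, "advisories": []})
            advisory = None
            continue
        if current is None or not raw.startswith("  "):
            continue  # 'Fetching ...', the summary footer and '***DONE***' are not advisory lines
        line = raw.strip()
        if advisory is None:
            advisory = {"title": line, "cves": [], "www": None}
            current["advisories"].append(advisory)
        elif line.startswith("CVE: "):
            advisory["cves"].append(line[len("CVE: "):])
        elif line.startswith("WWW: "):
            advisory["www"] = line[len("WWW: "):]
    return findings


def footer_counts(text):
    """Return (problems, packages) from the audit's own summary line, or None if absent."""
    for line in text.splitlines():
        m = FOOTER_RE.match(line.strip())
        if m:
            return int(m.group("problems")), int(m.group("packages"))
    return None


def summarize(findings):
    """Count advisories and packages the same way the audit footer does, and collect unique CVEs."""
    problems = sum(len(f["advisories"]) for f in findings.values())
    cves = sorted({c for f in findings.values() for a in f["advisories"] for c in a["cves"]})
    return {"packages": len(findings), "problems": problems, "cves": cves}


def stale_and_vulnerable(stale, findings):
    """Names of packages that are both behind the expected version and carry an advisory."""
    return sorted({s["name"] for s in stale} & set(findings))


if __name__ == "__main__":
    stale = parse_health(HEALTH_SAMPLE)
    findings = parse_security(SECURITY_SAMPLE)
    print("stale:", [(s["name"], s["installed"], s["expected"]) for s in stale])
    print("summary:", summarize(findings), "footer:", footer_counts(SECURITY_SAMPLE))
    print("stale and vulnerable:", stale_and_vulnerable(stale, findings))
```

Comparing the computed counts with the audit's own "N problem(s) in M installed package(s)" footer is a cheap sanity check that the parser has not silently dropped a block; on the full output posted above the footer's 19 problems correspond to the number of indented advisory titles, not the number of CVE lines.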
#9
Hello

So I have tried to update from 23.7.12 to 24.1.8 and OPNsense doesn't want to update past 23.7.12.

- webGUI performs the update and shows 23.7.12 each time.
- via SSH and option 12 (Update all from console), I just get presented with a text of the update to 24.1.8 but it doesn't appear to do the actual update.
- via SSH option 8 (shell), I tried opnsense-update -up and get the message "No known packages set to fetch was specified."

Short of doing a complete install from scratch, what are my other options..? or am I missing something major/obvious..?

update - For the solution go to my 14th reply.
#10
So trying to search for help with this online is in a word 'unhelpful', as all the advice is referring to having the issue with external websites. I tried searching for both of the errors on here, but only found one post and that didn't apply to my situation.

When I try to access my OS box (192.168.1.1) on my internal LAN I am getting the following errors from Firefox & Kaspersky (see attached). I have tried adding the IP to the trusted sites in internet settings (Win10) and trusted URLs in Kaspersky, but I still keep getting that message.

Now while I don't have to access the firewall all that often, it's still no less annoying. Any guidance would be welcome.
#11
Yeah I learned that fairly recently, and the issue with trying to do that with OPNsense/pfSense is it's all done in s/w, hence being so slow/less reliable etc.
#12
Evening

So as I suspected might be the case then, thanks for the confirmation.

I did try Proxmox, to run pfSense and Pi-hole, but as a PC/Mac engineer the Linux networking side of things is a bit outside my wheelhouse, as I never managed to get it to work.

Well maybe a sort of a hybrid approach then, thanks for the info.
#13
Afternoon

I did do a DG/GGL search for this, but wasn't getting concrete answers -

So currently I have a 'miniPC' running pfSense (it's overkill, 2x ethernet, i3-8GB-120SSD) and my old TP-Link router as the access point. I would like to replace both of them with a single appliance. I live in a single floor flat so wifi transmission is not a concern

- If the appliance comes with a supported wifi adapter, I assume OPNsense has the ability to control that as an access point?
- If the appliance has multiple ethernet ports, can all the non-WAN used ports be used as a switch?

If no to the above questions, am I best then just going down the OpenWRT path with an old SOHO router?

thanks.