Messages - emeliaerick

#1
Quote from: holunde on July 04, 2025, 12:18:17 PM
I'm just wondering, why a release is coming out with these 2 new vulnerabilities?

Currently running OPNsense 25.1.10 (amd64) at Fri Jul  4 11:50:37 CEST 2025
Fetching vuln.xml.xz: .......... done
php83-8.3.22 is vulnerable:
  php -- Multiple vulnerabilities
  CVE: CVE-2025-1220
  CVE: CVE-2025-6491
  CVE: CVE-2025-1735
  WWW: https://vuxml.freebsd.org/freebsd/d607b12c-5821-11f0-ab92-f02f7497ecda.html

sudo-1.9.17 is vulnerable:
  sudo -- privilege escalation vulnerability through host and chroot options
  CVE: CVE-2025-32463
  CVE: CVE-2025-32462
  WWW: https://vuxml.freebsd.org/freebsd/24f4b495-56a1-11f0-9621-93abbef07693.html

2 problem(s) in 2 installed package(s) found.
***DONE***
"It's definitely frustrating to see a release ship with fresh vulnerabilities still present. Sometimes the upstream packages haven't been patched yet, or the update cycle in OPNsense hasn't caught up with the fixes. Hopefully a follow-up patch drops soon, because seeing those CVEs right after updating doesn't inspire much confidence."