Show Posts
1
19.1 Legacy Series / curl 7.64.0
« on: February 22, 2019, 07:42:03 pm »
I noticed OPNsense 19.1.1 (on lastest version) is still running 7.63.0_1 (from the package viewer)
I was wondering if OPNsense isn't vulnerable to the latest exploits via
https://nvd.nist.gov/vuln/detail/CVE-2018-16890
https://nvd.nist.gov/vuln/detail/CVE-2019-3822
https://nvd.nist.gov/vuln/detail/CVE-2019-3823
I really like OPNsense ALOT more than pfsense, (and i hate to point this out) but i noticed PFSENSE fixed this or released instructions on manually updating packages on Feb 15th, I haven't done an audit to confirm OPNsense is vulnerable, but I would assume so because of the versioning number. Could we have a small update to update this package to the latest or instructions on how-to? Or has the attack surface changed where this is a non issue?
I was wondering if OPNsense isn't vulnerable to the latest exploits via
https://nvd.nist.gov/vuln/detail/CVE-2018-16890
https://nvd.nist.gov/vuln/detail/CVE-2019-3822
https://nvd.nist.gov/vuln/detail/CVE-2019-3823
I really like OPNsense ALOT more than pfsense, (and i hate to point this out) but i noticed PFSENSE fixed this or released instructions on manually updating packages on Feb 15th, I haven't done an audit to confirm OPNsense is vulnerable, but I would assume so because of the versioning number. Could we have a small update to update this package to the latest or instructions on how-to? Or has the attack surface changed where this is a non issue?