Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - curioustech

Pages 1 2
#16
17.7 Legacy Series / How to address CVE-2017-1000254 on OpnSense
October 08, 2017, 04:30:22 PM
Here is audit log.
=============================================================
***GOT REQUEST TO AUDIT***
vulnxml file up-to-date
curl-7.55.1 is vulnerable:
cURL -- out of bounds read
CVE: CVE-2017-1000254
WWW: https://vuxml.freebsd.org/freebsd/ccace707-a8d8-11e7-ac58-b499baebfeaf.html

1 problem(s) in the installed packages found.
***DONE***
=============================================================

As per https://vuxml.freebsd.org/freebsd/ccace707-a8d8-11e7-ac58-b499baebfeaf.html reference link in audit log, following are recommendations.

RECOMMENDATIONS
We suggest you take one of the following actions immediately, in order of preference:
A - Upgrade curl to version 7.56.0
B - Apply the patch to your version and rebuild
C - Switch off FTP in CURLOPT_PROTOCOLS

Option#A Because I am new to opnSense, I am not sure if will break anything else.
Option#B This something beyond my ability at this point. I think someone form OPNSense developer team can do this.
Option#C I do not know how to do it. So far this seem to be easy/safe option.

Can someone advice me if I am approaching this correctly?
Pages 1 2