Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
[SOLVED] CVE-2021-3156
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] CVE-2021-3156 (Read 3596 times)
Greelan
Hero Member
Posts: 1028
Karma: 72
[SOLVED] CVE-2021-3156
«
on:
January 27, 2021, 09:55:44 am »
Appreciate that 21.1 is taking a lot of focus atm but was wondering about anticipated timing for the sudo patch for the above (significant) vulnerability making it into OPNsense? FreeBSD’s patch is out:
https://svnweb.freebsd.org/ports?view=revision&revision=562997
Thanks for the great work as always
«
Last Edit: May 23, 2021, 05:23:51 am by Greelan
»
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: CVE-2021-3156
«
Reply #1 on:
January 27, 2021, 11:01:20 am »
Very bad timing. Final build of 21.1 is being tested at the moment and we will not move the release date so 21.1.1 will have the fix which is likely 1-2 weeks from now unless we would throw away the work of the past couple of days and start fresh. :/
Cheers,
Franco
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: CVE-2021-3156
«
Reply #2 on:
January 27, 2021, 11:47:07 am »
Yeah, I get that. Certainly wouldn’t want you to throw away all your work over the last few days!
Maybe a hotfix after 21.1 is out? I realise the vulnerability has been around for years but now everyone knows about it (not just the NSA, CCP and FSB
).
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: CVE-2021-3156
«
Reply #3 on:
January 27, 2021, 11:56:22 am »
Yes as usual I think this will be addressed by a package update and a fixed release later.
I have not doubt in the good work of the opnsense core team.
As it is not a direct remote exploit it should be not that big of a deal for the upcomming release and fix afterwards.
Please correct me if I am wrong.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: CVE-2021-3156
«
Reply #4 on:
January 27, 2021, 11:57:07 am »
Maybe we can hotfix it on 20.7.8 this week since we hotfix that anyway for 21.1 upgrades. Which means 20.7.8 is "safer" than 21.1 for the time being... That's all I can promise right now given it causes no issues for upgrades.
Note that sudo is disabled by default...
Cheers,
Franco
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: CVE-2021-3156
«
Reply #5 on:
January 27, 2021, 11:58:00 am »
Thanks Franco
Logged
franco
Administrator
Hero Member
Posts: 17665
Karma: 1611
Re: CVE-2021-3156
«
Reply #6 on:
January 28, 2021, 02:52:57 pm »
Ok, as promised... 20.7.8 is patched up but 21.1 can't follow before tomorrow.
In any case packages are compatible between versions 20.7 and 21.1 so that should manually patch up 21.1 for now:
# pkg add -f
https://pkg.opnsense.org/FreeBSD:12:amd64/20.7/latest/Latest/sudo.txz
Cheers,
Franco
Logged
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: CVE-2021-3156
«
Reply #7 on:
January 28, 2021, 09:40:13 pm »
Awesome, thanks again!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
[SOLVED] CVE-2021-3156