Update to 22.7.4 - is this correct

[phoenix]

I've recently done the update to 22.7.4 but when I ran an audit I get what seems to be contradictory information.

The following shows I have 2.7.4 and a vulnerability in python:

Code: [Select]

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 22.7.4 (amd64/OpenSSL) at Fri Sep  9 10:59:51 UTC 2022
vulnxml file up-to-date
python39-3.9.13 is vulnerable:
  Python -- multiple vulnerabilities
  CVE: CVE-2020-10735
  WWW: https://vuxml.FreeBSD.org/freebsd/80e057e7-2f0a-11ed-978f-fcaa147e860e.html

1 problem(s) in 1 installed package(s) found.
***DONE***
The following Health report tells me I'm running 22.7.4  and that  I have 22.7.3 kernel and base, is this correct?

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.4 (amd64/OpenSSL) at Fri Sep  9 11:01:20 UTC 2022
>>> Check installed kernel version
Version 22.7.3 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.3 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-intrusion-detection-content-pt-open 1.0_1
os-maltrail 1.9
os-theme-rebellion 1.8.8
os-vmware 1.5_1
os-wireguard 1.12
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ................................................................. done
***DONE***

[Greelan]

Yes, correct

[phoenix]

Yes, correct

Thanks for your quick answer. To me it seems that those different 'versions'  might be a tad confusing, it was to me.

[Greelan]

Not every update involves a base/kernel update

[depc80]

I have the same

Code: [Select]

python39-3.9.13 is vulnerable . Is it bad?

[FullyBorked]

I have the same

Code: [Select]

python39-3.9.13 is vulnerable . Is it bad?

https://vuxml.freebsd.org/freebsd/80e057e7-2f0a-11ed-978f-fcaa147e860e.html this is a description of the vulnerability.  You'll need to decide if this is bad in your particular environment and figure out what if any mitigations you should take.  For me I don't worry about DOS attacks and I'm not exposing HTTP to the world so these aren't a worry for myself personally.