libxml2-2.9.4 is vulnerable

Started by comet, December 17, 2017, 07:26:22 AM

Got this on a router audit:

***GOT REQUEST TO AUDIT***
Fetching vuln.xml.bz2: .......... done
libxml2-2.9.4 is vulnerable:
libxml2 -- Multiple Issues
CVE: CVE-2017-9050
CVE: CVE-2017-9049
CVE: CVE-2017-9048
CVE: CVE-2017-9047
CVE: CVE-2017-8872
WWW: https://vuxml.freebsd.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html

1 problem(s) in the installed packages found.
***DONE***
I'm a home user of OPNsense, not a networking expert.  I'd much appreciate it if you'd keep that in mind if replying to something I posted.  Many thanks!

Saw that one too.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.

Hi guys,

It's true. The database is provided via FreeBSD for your pleasure. Check the CVEs and mitigate if necessary.

You can install the port if you want to mitigate via the system and restart the appropriate services:

# opnsense-code tools ports
# cd /usr/ports/textproc/libxml2
# make
# make deinstall install

17.7.11 will fix this one for sure, but in general the vulnerabilities do not necessarily adhere to our release schedule. ;)


Cheers,
Franco
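
To act on "check the CVEs", it helps to reduce an audit report to one line per affected package. This is an added example, not part of the posts above or of OPNsense itself; the function names `sample_audit` and `audit_summary` are made up here, and the sample input is the report quoted in the first post.

```shell
#!/bin/sh
# Added example: summarise an audit report in the format quoted in this thread.

# Sample input: the report from the first post, embedded so this runs offline.
sample_audit() {
cat <<'EOF'
***GOT REQUEST TO AUDIT***
Fetching vuln.xml.bz2: .......... done
libxml2-2.9.4 is vulnerable:
libxml2 -- Multiple Issues
CVE: CVE-2017-9050
CVE: CVE-2017-9049
CVE: CVE-2017-9048
CVE: CVE-2017-9047
CVE: CVE-2017-8872
WWW: https://vuxml.freebsd.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html

1 problem(s) in the installed packages found.
***DONE***
EOF
}

# Reads a report on stdin and prints, for each vulnerable package:
#   package<TAB>cve,cve,...<TAB>advisory-url[,advisory-url...]
# Prints nothing when the report lists no vulnerable package.
audit_summary() {
    awk '
        # Write out the package collected so far, then reset the state.
        function emit() {
            if (pkg != "") printf "%s\t%s\t%s\n", pkg, cves, urls
            pkg = ""; cves = ""; urls = ""
        }
        # "<name>-<version> is vulnerable:" opens a new package block.
        / is vulnerable:?$/    { emit(); pkg = $1; next }
        # CVE and WWW lines only count inside a package block.
        pkg != "" && /^CVE: /  { cves = (cves == "" ? $2 : cves "," $2); next }
        pkg != "" && /^WWW: /  { urls = (urls == "" ? $2 : urls "," $2); next }
        END { emit() }
    '
}

# Stand-alone run: summarise the embedded sample.
sample_audit | audit_summary
```

The tab-separated output is easy to compare between audits, so a new package or CVE appearing after an update stands out.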