Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
openssl-1.0.2t,1 is vulnerable
« previous
next »
Print
Pages: [
1
]
Author
Topic: openssl-1.0.2t,1 is vulnerable (Read 2324 times)
bruci3
Newbie
Posts: 20
Karma: 0
openssl-1.0.2t,1 is vulnerable
«
on:
December 31, 2019, 11:12:50 pm »
Hi all,
I just updated my Opnsense to latest version.
OPNsense 19.7.8-amd64
FreeBSD 11.2-RELEASE-p16-HBSD
OpenSSL 1.0.2t 10 Sep 2019
I got this when running security audit:
***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
openssl-1.0.2t,1 is vulnerable:
OpenSSL -- Overflow vulnerability
CVE: CVE-2019-1551
WWW:
https://vuxml.FreeBSD.org/freebsd/d778ddb0-2338-11ea-a1c7-b499baebfeaf.html
1 problem(s) in 1 installed package(s) found.
***DONE***
Should I be concerned? If so, is there anything I can do about it?
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: openssl-1.0.2t,1 is vulnerable
«
Reply #1 on:
January 01, 2020, 12:09:49 am »
Looks like it is only triggered on key generation and only when generating weak keys.
Logged
bruci3
Newbie
Posts: 20
Karma: 0
Re: openssl-1.0.2t,1 is vulnerable
«
Reply #2 on:
January 01, 2020, 12:42:39 am »
Thanks for the prompt reply.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: openssl-1.0.2t,1 is vulnerable
«
Reply #3 on:
January 07, 2020, 02:31:25 pm »
Guys, please don't post vulnerability reports. We do all get the same report and we already work on inclusion whether you've seen it or not.
The report is solely for you in three separate ways:
1. You know a security bug was found in the software and somebody is/was working on a fix.
2. You know the details to be able to mitigate the issue if possible.
3. You know an OPNsense update is coming eventually to address this.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
openssl-1.0.2t,1 is vulnerable
