libxml -- multiple vulnerabilities

Started by magnust, October 01, 2020, 06:20:27 PM

Known thing?

***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
libxml2-2.9.10 is vulnerable:
libxml -- multiple vulnerabilities
WWW: https://vuxml.freebsd.org/freebsd/f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9.html

1 problem(s) in 1 installed package(s) found.
***DONE***



OPNsense 20.7.3-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
LibreSSL 3.1.4

Yes, packages will always be updated with a new release.

So this is supposed to be vulnerable with 20.7.3 and probably fixed in a future 20.7.4? So I understand this correctly :)



magnust, if you are really concerned about it, you can update it yourself using the FreeBSD repository. From the console, edit the FreeBSD.conf file at:

/usr/local/etc/pkg/repos/FreeBSD.conf

add the following information:

FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}


From the console run the following commands:
pkg update
pkg install libxml2-2.9.10_1
pkg clean


At this point I would remove the information you added to the FreeBSD.conf file, otherwise you will have issues with updating OPNsense. This is a temporary fix until the OPNsense 20.7.4 update.
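
The temporary-repository procedure from the post above, wrapped so that the FreeBSD.conf change is always undone afterwards, even when a pkg command fails. This is an added example, not part of the thread; the function names are hypothetical, while the repository stanza and the pkg commands are the ones the post gives.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Console usage with the commands from the post:
#   with_temp_repo /usr/local/etc/pkg/repos/FreeBSD.conf \
#       sh -c 'pkg update && pkg install libxml2-2.9.10_1 && pkg clean'

write_freebsd_repo() {
    # Repository stanza exactly as given in the post (the heredoc is quoted
    # so ${ABI} is written literally for pkg to expand).
    cat > "$1" <<'EOF'
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF
}

restore_repo_conf() {
    # Put back the original file, or remove ours if there was none.
    if [ "$had_conf" = yes ]; then
        mv -f "$backup" "$conf"
    else
        rm -f "$conf"
    fi
}

with_temp_repo() {
    conf=$1; shift
    backup="${conf}.orig.$$"   # does not end in .conf, so pkg ignores it
    had_conf=no
    if [ -e "$conf" ]; then
        cp -p "$conf" "$backup" || return 1
        had_conf=yes
    fi
    # Restore even if the operator interrupts the package run.
    trap 'restore_repo_conf; exit 130' INT TERM
    rc=0
    write_freebsd_repo "$conf" || rc=$?
    # Subshell: a failing command cannot skip the restore below.
    [ "$rc" -eq 0 ] && { ( "$@" ) || rc=$?; }
    restore_repo_conf
    trap - INT TERM
    return "$rc"
}
```

The function returns the exit status of the wrapped command, so a failed install is still visible to the caller after the configuration has been put back.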