Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
libxml2-2.9.4 is vulnerable
« previous
next »
Print
Pages: [
1
]
Author
Topic: libxml2-2.9.4 is vulnerable (Read 3571 times)
comet
Full Member
Posts: 117
Karma: 4
libxml2-2.9.4 is vulnerable
«
on:
December 17, 2017, 07:26:22 am »
Got this on a router audit:
***GOT REQUEST TO AUDIT***
Fetching vuln.xml.bz2: .......... done
libxml2-2.9.4 is vulnerable:
libxml2 -- Multiple Issues
CVE: CVE-2017-9050
CVE: CVE-2017-9049
CVE: CVE-2017-9048
CVE: CVE-2017-9047
CVE: CVE-2017-8872
WWW:
https://vuxml.FreeBSD.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html
1 problem(s) in the installed packages found.
***DONE***
Logged
I'm a home user of OPNsense, not a networking expert. I'd much appreciate it if you'd keep that in mind if replying to something I posted. Many thanks!
weust
Hero Member
Posts: 650
Karma: 57
Re: libxml2-2.9.4 is vulnerable
«
Reply #1 on:
December 17, 2017, 10:48:09 am »
Saw that one too.
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: libxml2-2.9.4 is vulnerable
«
Reply #2 on:
December 17, 2017, 03:23:31 pm »
Hi guys,
It's true. The database is provided via FreeBSD for your pleasure. Check the CVEs and mitigate if necessary.
You can install the port if you want to mitigate via the system and restart the appropriate services:
# opnsense-code tools ports
# cd /usr/ports/textproc/libxml2
# make
# make deinstall install
17.7.11 will fix this one for sure, but in general the vulnerabilities do not necessarily adhere to our release schedule.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
libxml2-2.9.4 is vulnerable