Archive > 19.1 Legacy Series

Curl Vulnerability

(1/2) > >>

spetrillo:
Hello all,

I did a security audit of my system and its showing that Curl has multiple vulnerabilities. Is there a new pkg that addresses these?

Thanks,
Steve

franco:
There should be a new OPNsense release out shortly addressing this... Wednesday or Thursday.

Note we can't always keep up with all vulnerabilities all the time. Getting software into FreeBSD ports, building, QA, releasing already takes multiple days to conclude.


Cheers,
Franco

spetrillo:
Agreed...and I was really not asking if there was an update but more if we could install the updated Curl, which looks to be available.

franco:
I would post instructions here but curl is deeply embedded into multiple software packages and updating it to a newer version without updating its reverse dependencies may be problematic. The update solves it because it builds all packages against the correct libraries and updates them accordingly.


Cheers,
Franco

Taomyn:
Is this the same vulnerability in 19.7.4_?



--- Code: ---***GOT REQUEST TO AUDIT SECURITY***
Fetching vuln.xml.bz2: .......... done
expat-2.2.6_1 is vulnerable:
expat2 -- Fix extraction of namespace prefixes from XML names
WWW: https://vuxml.FreeBSD.org/freebsd/c5bd8a25-99a6-11e9-a598-f079596b62f9.html


curl-7.65.3 is vulnerable:
curl -- multiple vulnerabilities
CVE: CVE-2019-5482
CVE: CVE-2019-5481
WWW: https://vuxml.FreeBSD.org/freebsd/9fb4e57b-d65a-11e9-8a5f-e5c82b486287.html


2 problem(s) in the installed packages found.
***DONE***
--- End code ---

Navigation

[0] Message Index

[#] Next page