Security Audit Log Issues

Started by Thorrrr, March 09, 2023, 04:14:17 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 09, 2023, 04:14:17 PM
HI
I am fully up to date  but when i run a security audit i get the following (see below)

I have looked at the link and not sure what to do it just tells me i have issues but no way to fix it ??

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 23.1.2 at Thu Mar  9 15:09:02 GMT 2023
vulnxml file up-to-date
curl-7.87.0_1 is vulnerable:
  curl -- multiple vulnerabilities
  CVE: CVE-2023-23916
  CVE: CVE-2023-23915
  CVE: CVE-2023-23914
  WWW: https://vuxml.freebsd.org/freebsd/be233fc6-bae7-11ed-a4fb-080027f5fec9.html

1 problem(s) in 1 installed package(s) found.
***DONE***
March 10, 2023, 11:50:14 PM #1
I noticed the same issue still exists; I'm running 23.1.3.

My security audit output:
  ***GOT REQUEST TO AUDIT SECURITY***
  Currently running OPNsense 23.1.3 at Fri Mar 10 14:30:15 PST 2023
  vulnxml file up-to-date
  curl-7.87.0_1 is vulnerable:
    curl -- multiple vulnerabilities
    CVE: CVE-2023-23916
    CVE: CVE-2023-23915
    CVE: CVE-2023-23914
    WWW: https://vuxml.freebsd.org/freebsd/be233fc6-bae7-11ed-a4fb-080027f5fec9.html

  1 problem(s) in 1 installed package(s) found.
  ***DONE***

The last CVE listed, CVE-2023-23914, is a 9.1 critical
March 11, 2023, 02:11:33 PM #2
QuoteI have looked at the link and not sure what to do it just tells me i have issues but no way to fix it ??
if you not using curl like 'curl --hsts "" https://curl.se http://curl.se'  on your opnsense then you probably no need to worry   ;)
freebsd port is not updated yet afaik
March 11, 2023, 02:45:17 PM #3
Please don't report issues to us reported by the security health check, they are already known and highly likely a fix is pending for the next release.https://docs.opnsense.org/security.html
I was reporting once like you guys than readed docs, and I still do
Print
Go Up Pages1
User actions