OPNSense 25.1.3 has php83-8.3.17_1 which needs security updates

dmerrett · March 25, 2025, 03:13:47 AM

Hi, I read about the important PHP CVEs that were recently announced, so I checked the System Firmware by doing a Security Audit on the System:Firmware Status tab. It came back with

Code Select

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.1.3 (amd64) at Tue Mar 25 13:07:08 AEDT 2025
vulnxml file up-to-date
php83-8.3.17_1 is vulnerable:
  php -- Multiple vulnerabilities
  CVE: CVE-2025-1217
  CVE: CVE-2025-1734
  CVE: CVE-2025-1861
  CVE: CVE-2025-1736
  CVE: CVE-2025-1219
  CVE: CVE-2024-11235
  WWW: https://vuxml.FreeBSD.org/freebsd/2ac2ddc2-0051-11f0-8673-f02f7432cf97.html

1 problem(s) in 1 installed package(s) found.
***DONE***

However there are no updates to correct this when checking for updates...

Is there a way to put the standard FreeBSD package servers in the list so that if there are no updates on OPNSense, then the upstream updates will be installed?

Or is there a better way?

franco · March 25, 2025, 07:05:21 AM

25.1.4 is due this week.

Cheers,
Franco

OPNSense 25.1.3 has php83-8.3.17_1 which needs security updates

dmerrett

March 25, 2025, 03:13:47 AM

franco

March 25, 2025, 07:05:21 AM #1