python -- several vulnerabilities CVE: CVE-2025-13836 CVE: CVE-2025-12084

Started by makman26, January 21, 2026, 05:58:19 PM

Hello,
I am new here and have looked for an answer to my question but have been unable to. I have been getting this alert when I run the security checkup lately and I am not sure what to do. It states that it is inadvisable to update python on its own but I have been through a few minor upgrades and the issue still persists. I am on version 25.7.11_2
Thank you
Dave
Here is the full error.
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.7.11_2 (amd64) at Wed Jan 21 09:44:22 MST 2026
Fetching vuln.xml.xz: .......... done
python311-3.11.14 is vulnerable:
  python -- several vulnerabilities
  CVE: CVE-2025-13836
  CVE: CVE-2025-12084
  WWW: https://vuxml.freebsd.org/freebsd/613d0f9e-d477-11f0-9e85-03ddfea11990.html

1 problem(s) in 1 package(s) found.
***DONE***

Wait for the next release which will probably address these issues. There is nothing you can do now.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Python has not gone ahead with releasing a new version yet. It was met with a bit of irritation. For now it is what it is.


Cheers,
Franco


Which part of OPNsense uses Python exactly ?

I have started to seriously dislike it as a programming language over the last couple of years so I am really curious what its purpose is :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

The backend uses quite some Python for fetching and managing data.

We did fix the two _1 CVEs in 26.1.1 but apparently there is _2 with two new ones.  The circle of life.  ;)


Cheers,
Franco

I am far more concerned about the openssl ones:

Fetching vuln.xml.xz: .......... done
openssl-3.0.18,1 is vulnerable:
  OpenSSL -- Multiple vulnerabilities
  CVE: CVE-2026-22796
  CVE: CVE-2026-22795
  CVE: CVE-2025-69421
  CVE: CVE-2025-69420
  CVE: CVE-2025-69419
  CVE: CVE-2025-69418
  CVE: CVE-2025-68160
  CVE: CVE-2025-66199
  CVE: CVE-2025-15469
  CVE: CVE-2025-15468
  CVE: CVE-2025-15467
  CVE: CVE-2025-11187
  WWW: https://vuxml.freebsd.org/freebsd/4b824428-fb93-11f0-b194-8447094a420f.html

python311-3.11.14 is vulnerable:
  python -- several vulnerabilities
  CVE: CVE-2025-13836
  CVE: CVE-2025-12084
  WWW: https://vuxml.freebsd.org/freebsd/613d0f9e-d477-11f0-9e85-03ddfea11990.html

  python -- several security vulnerabilities
  CVE: CVE-2026-0865
  CVE: CVE-2026-1299
  WWW: https://vuxml.freebsd.org/freebsd/bfe9adc8-0224-11f1-8790-c5fb948922ad.html

libsodium-1.0.19 is vulnerable:
  security/libsodium -- crypto_core_ed25519_is_valid_point mishandles checks for whether an elliptic curve point is valid
  CVE: CVE-2025-69277
  WWW: https://vuxml.freebsd.org/freebsd/583b63f5-ebae-11f0-939f-47e3830276dd.html

4 problem(s) in 3 package(s) found.
DEC740 > USW-Pro-8-PoE> U6-Enterprise
Dec670. Retired / backup device
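The audit output pasted above has a regular shape: a package line ending in "is vulnerable:", then one or more indented advisories, each with a title, its CVE lines and a WWW link, and finally a "N problem(s) in M package(s) found." summary. The following is an added example, not code from the thread or from the OPNsense project, that parses that output into package/advisory/CVE records and cross-checks the summary counts against what was actually parsed, which is handy when you want to track which CVEs a release note or a later audit run actually closed. The sample report is constructed from the output quoted in this thread; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the audit output quoted earlier in this thread.
SAMPLE_REPORT = """\
Fetching vuln.xml.xz: .......... done
openssl-3.0.18,1 is vulnerable:
  OpenSSL -- Multiple vulnerabilities
  CVE: CVE-2026-22796
  CVE: CVE-2026-22795
  CVE: CVE-2025-69421
  CVE: CVE-2025-69420
  CVE: CVE-2025-69419
  CVE: CVE-2025-69418
  CVE: CVE-2025-68160
  CVE: CVE-2025-66199
  CVE: CVE-2025-15469
  CVE: CVE-2025-15468
  CVE: CVE-2025-15467
  CVE: CVE-2025-11187
  WWW: https://vuxml.freebsd.org/freebsd/4b824428-fb93-11f0-b194-8447094a420f.html

python311-3.11.14 is vulnerable:
  python -- several vulnerabilities
  CVE: CVE-2025-13836
  CVE: CVE-2025-12084
  WWW: https://vuxml.freebsd.org/freebsd/613d0f9e-d477-11f0-9e85-03ddfea11990.html

  python -- several security vulnerabilities
  CVE: CVE-2026-0865
  CVE: CVE-2026-1299
  WWW: https://vuxml.freebsd.org/freebsd/bfe9adc8-0224-11f1-8790-c5fb948922ad.html

libsodium-1.0.19 is vulnerable:
  security/libsodium -- crypto_core_ed25519_is_valid_point mishandles checks for whether an elliptic curve point is valid
  CVE: CVE-2025-69277
  WWW: https://vuxml.freebsd.org/freebsd/583b63f5-ebae-11f0-939f-47e3830276dd.html

4 problem(s) in 3 package(s) found.
"""


@dataclass
class Advisory:
    title: str
    cves: List[str] = field(default_factory=list)
    url: Optional[str] = None


@dataclass
class VulnerablePackage:
    name: str  # package name with version, e.g. "openssl-3.0.18,1"
    advisories: List[Advisory] = field(default_factory=list)


PKG_RE = re.compile(r"^(\S+) is vulnerable:$")
SUMMARY_RE = re.compile(r"^(\d+) problem\(s\) in (\d+) package\(s\) found\.$")


def parse_pkg_audit(text: str) -> Tuple[List[VulnerablePackage], Optional[Tuple[int, int]]]:
    """Parse audit output into packages; return (packages, (problems, packages) summary)."""
    packages: List[VulnerablePackage] = []
    summary: Optional[Tuple[int, int]] = None
    pkg: Optional[VulnerablePackage] = None
    adv: Optional[Advisory] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue  # blank lines separate advisories but carry no data
        m = PKG_RE.match(raw)
        if m:
            pkg = VulnerablePackage(m.group(1))
            packages.append(pkg)
            adv = None
            continue
        m = SUMMARY_RE.match(raw)
        if m:
            summary = (int(m.group(1)), int(m.group(2)))
            continue
        if raw.startswith("  ") and pkg is not None:
            line = raw.strip()
            if line.startswith("CVE:") or line.startswith("WWW:"):
                if adv is None:  # tolerate a CVE/WWW line with no preceding title
                    adv = Advisory("(untitled advisory)")
                    pkg.advisories.append(adv)
                if line.startswith("CVE:"):
                    adv.cves.append(line[4:].strip())
                else:
                    adv.url = line[4:].strip()
            else:
                adv = Advisory(line)  # any other indented line starts a new advisory
                pkg.advisories.append(adv)
        # unindented lines such as "Fetching vuln.xml.xz: ... done" are ignored
    return packages, summary


def summary_matches(packages: List[VulnerablePackage], summary: Optional[Tuple[int, int]]) -> bool:
    """True when the tool's own summary agrees with the advisories we parsed."""
    advisories = sum(len(p.advisories) for p in packages)
    return summary == (advisories, len(packages))


def all_cves(packages: List[VulnerablePackage]) -> List[str]:
    """Sorted, de-duplicated list of every CVE id in the report."""
    return sorted({cve for p in packages for a in p.advisories for cve in a.cves})


if __name__ == "__main__":
    pkgs, summ = parse_pkg_audit(SAMPLE_REPORT)
    for p in pkgs:
        for a in p.advisories:
            print(f"{p.name}: {len(a.cves)} CVE(s) - {a.title}")
    print("summary consistent:", summary_matches(pkgs, summ))
    print("distinct CVEs:", len(all_cves(pkgs)))
```

Feed it the saved output of a previous audit and of the one after an upgrade, and the difference of the two `all_cves()` lists tells you exactly which advisories a release closed and which are still open.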

Context business edition I presume?  We'll do 25.10.2 in the coming week.


Cheers,
Franco

Quote from: franco on Today at 05:51:17 PM
> Context business edition I presume?  We'll do 25.10.2 in the coming week.
>
> Cheers,
> Franco

Yes Sir.  Thank you and the team  for keeping us secured
DEC740 > USW-Pro-8-PoE> U6-Enterprise
Dec670. Retired / backup device