Author Topic: libxml2-2.9.4 is vulnerable  (Read 1857 times)

comet

« on: December 17, 2017, 07:26:22 am »
Got this on a router audit:

***GOT REQUEST TO AUDIT***
Fetching vuln.xml.bz2: .......... done
libxml2-2.9.4 is vulnerable:
libxml2 -- Multiple Issues
CVE: CVE-2017-9050
CVE: CVE-2017-9049
CVE: CVE-2017-9048
CVE: CVE-2017-9047
CVE: CVE-2017-8872
WWW: https://vuxml.FreeBSD.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html

1 problem(s) in the installed packages found.
***DONE***
I'm a home user of OPNsense, not a networking expert.  I'd much appreciate it if you'd keep that in mind if replying to something I posted.  Many thanks!

weust

« Reply #1 on: December 17, 2017, 10:48:09 am »
Saw that one too.
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.

franco

« Reply #2 on: December 17, 2017, 03:23:31 pm »
Hi guys,

It's true. The database is provided via FreeBSD for your pleasure. Check the CVEs and mitigate if necessary.

You can install the port if you want to mitigate via the system and restart the appropriate services:

# opnsense-code tools ports
# cd /usr/ports/textproc/libxml2
# make
# make deinstall install

17.7.11 will fix this one for sure, but in general the vulnerabilities do not necessarily adhere to our release schedule. ;)


Cheers,
Franco
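
Added example (not part of the thread and not OPNsense code): a POSIX sh/awk filter that turns audit text in the format pasted in the first post into one line per vulnerable package, so the listed CVEs can be checked and tracked until a fixed package is installed. The function names `parse_audit` and `sample_audit` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: summarise audit text in the format
# shown in the first post so each CVE can be looked up and tracked.

# parse_audit: read audit text on stdin, print one tab-separated line per
# vulnerable package: name, version, comma-joined CVE ids, advisory URL.
parse_audit() {
    awk '
        function emit() {
            if (inrec) printf "%s\t%s\t%s\t%s\n", name, ver, cves, url
            name = ver = cves = url = ""; inrec = 0
        }
        { sub(/\r$/, "") }   # tolerate text pasted with CRLF line endings
        # "libxml2-2.9.4 is vulnerable:" opens a record for one package.
        / is vulnerable:?$/ {
            emit()
            pkg = $1
            # The version is whatever follows the last dash in name-version.
            if (match(pkg, /-[^-]*$/)) {
                name = substr(pkg, 1, RSTART - 1); ver = substr(pkg, RSTART + 1)
            } else {
                name = pkg
            }
            inrec = 1
            next
        }
        inrec && $1 == "CVE:" { cves = (cves == "" ? "" : cves ",") $2 }
        inrec && $1 == "WWW:" { url = $2 }
        END { emit() }
    '
}

# The audit output quoted in the first post, embedded so this runs offline.
sample_audit() {
    cat <<'EOF'
***GOT REQUEST TO AUDIT***
Fetching vuln.xml.bz2: .......... done
libxml2-2.9.4 is vulnerable:
libxml2 -- Multiple Issues
CVE: CVE-2017-9050
CVE: CVE-2017-9049
CVE: CVE-2017-9048
CVE: CVE-2017-9047
CVE: CVE-2017-8872
WWW: https://vuxml.FreeBSD.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html

1 problem(s) in the installed packages found.
***DONE***
EOF
}

sample_audit | parse_audit
```

The number of lines printed should match the "problem(s) in the installed packages found" count in the audit text; an empty result after rebuilding the port means no vulnerable package is reported any more.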