Netgate Discussion Forum

    pkg update / audit reports vulnerable

    General pfSense Questions
    2 Posts 2 Posters 471 Views
    • jpgpi250

      Running the latest pfSense [2.6.0-RELEASE].
      Executed:

      • pkg update
      • pkg audit -F
      • pkg audit

      Report:

      hiredis-0.13.3 is vulnerable:
        hiredis -- integer/buffer overflow
        CVE: CVE-2021-32765
        WWW: https://vuxml.FreeBSD.org/freebsd/2220827b-c732-11ec-b272-901b0e934d69.html
      
      curl-7.80.0 is vulnerable:
        cURL -- Multiple vulnerabilities
        CVE: CVE-2022-32208
        CVE: CVE-2022-32207
        CVE: CVE-2022-32206
        CVE: CVE-2022-32205
        WWW: https://vuxml.FreeBSD.org/freebsd/ae5722a6-f5f0-11ec-856e-d4c9ef517024.html
      
        cURL -- Multiple vulnerabilities
        CVE: CVE-2022-27776
        CVE: CVE-2022-27775
        CVE: CVE-2022-27774
        CVE: CVE-2022-22576
        WWW: https://vuxml.FreeBSD.org/freebsd/92a4d881-c6cf-11ec-a06f-d4c9ef517024.html
      
        curl -- Multiple vulnerabilities
        CVE: CVE-2022-30115
        CVE: CVE-2022-27782
        CVE: CVE-2022-27781
        CVE: CVE-2022-27780
        CVE: CVE-2022-27779
        CVE: CVE-2022-27778
        WWW: https://vuxml.FreeBSD.org/freebsd/11e36890-d28c-11ec-a06f-d4c9ef517024.html
      
      openvpn-2.5.4_1 is vulnerable:
        openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins
        CVE: CVE-2022-0547
        WWW: https://vuxml.FreeBSD.org/freebsd/45a72180-a640-11ec-a08b-85298243e224.html
      
      dnsmasq-2.86,1 is vulnerable:
        dnsmasq -- heap use-after-free in dhcp6_no_relay
        CVE: CVE-2022-0934
        WWW: https://vuxml.FreeBSD.org/freebsd/3f321a5a-b33b-11ec-80c2-1bb2c6a00592.html
      
      strongswan-5.9.4 is vulnerable:
        strongswan - Incorrect Handling of Early EAP-Success Messages
        CVE: CVE-2021-45079
        WWW: https://vuxml.FreeBSD.org/freebsd/ccaea96b-7dcd-11ec-93df-00224d821998.html
      
      cyrus-sasl-2.1.27_2 is vulnerable:
        cyrus-sasl -- Fix off by one error
        CVE: CVE-2019-19906
        WWW: https://vuxml.FreeBSD.org/freebsd/a80c6273-988c-11ec-83ac-080027415d17.html
      
      8 problem(s) in 6 installed package(s) found.
      

      How can I fix this?

      Thanks for your reply.

      • Gertjan @jpgpi250

        @jpgpi250

        You don't need to.
        If pfSense were a file server or a web server, these packages could expose services to the Internet, which would mean a known bug could be important for you.
        But pfSense is a firewall, so most if not all of these vulnerabilities are not accessible.
        You can make the system even safer by limiting admin access on the LAN side to a known interface like LAN and using other interfaces for all your other local devices, or by making the admin interface accessible only from the device you use to administer pfSense.

        Take one example: the openvpn plugin issue. These plugins are not installed on pfSense.
        You are most probably not using dnsmasq, as unbound, the resolver, is the default.

        Most, if not all, of these vulnerabilities are already known to the pfSense Netgate dev team, as they are also the ones who contribute to FreeBSD. If a patch is available, they will rebuild the package and update it in the repository.

        You can run option 13 once in a while, as this will update the pfSense FreeBSD packages maintained by Netgate.
        I've automated the scan for available system packages for pfSense with a script. If a package is updatable, I'll receive a mail.

        Edit: Btw, I'm just another pfSense user. If needed, 'they' will give more info.

        No "help me" PMs please. Use the forum; the community will thank you.
        Edit: and where are the logs??

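        Gertjan's answer comes down to two questions the raw "8 problem(s)" count does not answer: is the vulnerable package actually reachable, and has Netgate shipped a rebuilt package yet. The POSIX shell script below is an added example, not code from this thread or from Netgate. It parses pkg audit output into a per-package CVE count and then flags the packages whose daemon is holding a listening socket according to sockstat. The package-to-daemon map (daemon_for) and both sample listings are assumptions constructed for the demonstration; the entries in the sample audit are copied from the report above, and run_live is the variant you would call on the firewall itself.

```sh
#!/bin/sh
# Added example (not from the forum post or from Netgate): summarise
# "pkg audit" output per package, then flag vulnerable packages whose
# daemon is listening on a socket. Sample data below is constructed.

# Constructed sample shaped like "pkg audit" output (entries from the report).
SAMPLE_AUDIT='hiredis-0.13.3 is vulnerable:
  hiredis -- integer/buffer overflow
  CVE: CVE-2021-32765
  WWW: https://vuxml.FreeBSD.org/freebsd/2220827b-c732-11ec-b272-901b0e934d69.html

curl-7.80.0 is vulnerable:
  cURL -- Multiple vulnerabilities
  CVE: CVE-2022-32208
  CVE: CVE-2022-32207
  CVE: CVE-2022-32206
  CVE: CVE-2022-32205
  WWW: https://vuxml.FreeBSD.org/freebsd/ae5722a6-f5f0-11ec-856e-d4c9ef517024.html

openvpn-2.5.4_1 is vulnerable:
  openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins
  CVE: CVE-2022-0547
  WWW: https://vuxml.FreeBSD.org/freebsd/45a72180-a640-11ec-a08b-85298243e224.html

dnsmasq-2.86,1 is vulnerable:
  dnsmasq -- heap use-after-free in dhcp6_no_relay
  CVE: CVE-2022-0934
  WWW: https://vuxml.FreeBSD.org/freebsd/3f321a5a-b33b-11ec-80c2-1bb2c6a00592.html

7 problem(s) in 4 installed package(s) found.'

# Constructed sample shaped like "sockstat -4 -6 -l" on FreeBSD.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
unbound  unbound    1234  5  udp4   192.168.1.1:53        *:*
root     openvpn    2345  6  udp4   203.0.113.10:1194     *:*
root     nginx      3456  7  tcp4   192.168.1.1:443       *:*'

# Assumed package -> daemon name map (hypothetical). Libraries such as
# hiredis, curl and cyrus-sasl own no daemon and map to "-".
daemon_for() {
  case "$1" in
    openvpn)    echo openvpn ;;
    dnsmasq)    echo dnsmasq ;;
    strongswan) echo charon ;;
    *)          echo - ;;
  esac
}

# Reads pkg audit text on stdin; prints "<package> <cve-count>" per package
# with the version suffix stripped (openvpn-2.5.4_1 -> openvpn).
summarize_audit() {
  awk '
    / is vulnerable:$/ {
      pkg = $1; sub(/-[^-]*$/, "", pkg)      # drop "-<version>"
      if (!(pkg in seen)) { order[++n] = pkg; seen[pkg] = 1 }
      cur = pkg; next
    }
    /^[[:space:]]+CVE: / { cves[cur]++ }
    END { for (i = 1; i <= n; i++) printf "%s %d\n", order[i], cves[order[i]] + 0 }
  '
}

# $1 = audit summary, $2 = sockstat listing. Prints each vulnerable package
# whose daemon holds a listening socket: "<package> <cves> <proto> <local>".
exposed_packages() {
  summary="$1"; sockets="$2"
  printf '%s\n' "$summary" | while read -r pkg count; do
    d=$(daemon_for "$pkg")
    if [ "$d" = "-" ]; then continue; fi
    printf '%s\n' "$sockets" | awk -v d="$d" -v p="$pkg" -v c="$count" \
      'NR > 1 && $2 == d { printf "%s %s %s %s\n", p, c, $5, $6 }'
  done
}

# Live variant for a pfSense / FreeBSD host (not invoked here).
run_live() {
  pkg audit -F > /tmp/pkg-audit.txt 2>/dev/null || true  # non-zero when vulns found
  s=$(summarize_audit < /tmp/pkg-audit.txt)
  exposed_packages "$s" "$(sockstat -4 -6 -l)"
}
```

        With the constructed data, only openvpn is reported as exposed (udp4 203.0.113.10:1194), while dnsmasq is vulnerable but not running, which is the distinction Gertjan draws. Packages that map to "-" are libraries; their exposure depends on which service loads them, so the script skips them rather than declaring them safe, and that judgement still has to be made by hand.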
        • jimp moved this topic from Problems Installing or Upgrading pfSense Software on
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.