Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense 2.4.5 package vulnerabilities

    Scheduled Pinned Locked Moved
    General pfSense Questions
    secu
    2
    2
    617
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      melpy
      last edited by

      I am running pfsense 2.4.5. I just did a pkg audit to check for vulnerabilities and i see a number of packages on pfsense build that have vulnerabilities including

      Curl 7.68.0
      Python37-3.7.7
      Php72-7.2.29
      mpd5-5.8_10
      Libnghttp2-1.40.0
      Unbound-1.10.1
      Sqllite3-3.30.1
      Devcpu-data-1.28

      I see no updates in the pfsense 2.4.5 repo for these packages when i try to do a pkg update which is a bit concerning. Why aren't these vulberabilities being addressed? Should i try to update these manually from the freebsd repo myself?

      1 Reply Last reply Reply Quote 0
      • M
        MoonKnight
        last edited by MoonKnight

        Hi,

        You got your answer here :)

        @romor said in pfSense 2.5.0 release date?:

        Hi,
        i did upgrade one of test pfSense to 2.5.0 and then i tried pkg audit to check vulnerabilities.
        All was ok without vulnerabilities.
        That mean, release of 2.5.0 is important for us :-)

        pkg update/upgrade on version 2.4.5.p1 i tested, but there is only a few updates, not all security updates.
        After install upgrades is count of vulnerabilities same (16 in 10 packages).

        https://forum.netgate.com/topic/160456/pfsense-2-5-0-release-date?_=1613340248630

        --- 24.11 ---
        Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz
        Kingston DDR4 2666MHz 16GB ECC
        2 x HyperX Fury SSD 120GB (ZFS-mirror)
        2 x Intel i210 (ports)
        4 x Intel i350 (ports)

        1 Reply Last reply Reply Quote 0
        • First post
          Last post