vermaden
Dabbler
- Joined
- Mar 9, 2019
- Messages
- 16
Hi,
a buddy of mine scanned FreeNAS 11.2-U3 for possible security holes - below are his results.
Do you have any estimate when these holes will be fixed (or packages in FreeNAS updated)?
| Vulnerability | Severity |
|---|---|
| FreeBSD: (Multiple Advisories) (CVE-2016-9063): python 2.7 -- multiple vulnerabilities | Critical |
| FreeBSD: VID-714B033A-2B09-11E9-8BC3-610FD6E6CD05 (CVE-2019-3822): curl -- multiple vulnerabilities | Critical |
| FreeBSD: mksh -- TTY attachment privilege escalation (CVE-2008-1845) | Severe |
| FreeBSD: VID-5A757A31-F98E-4BD4-8A85-F1C0F3409769 (CVE-2018-15120): pango -- remote DoS vulnerability | Severe |
| FreeBSD: (Multiple Advisories) (CVE-2017-9233): python 2.7 -- multiple vulnerabilities | Severe |
| FreeBSD: VID-714B033A-2B09-11E9-8BC3-610FD6E6CD05 (CVE-2018-16890): curl -- multiple vulnerabilities | Severe |
| FreeBSD: VID-714B033A-2B09-11E9-8BC3-610FD6E6CD05 (CVE-2019-3823): curl -- multiple vulnerabilities | Severe |
| FreeBSD: VID-7DA0417F-6B24-11E8-84CC-002590ACAE31 (CVE-2018-12020): gnupg -- unsanitized output (CVE-2018-12020) | Severe |
| FreeBSD: VID-8719B935-8BAE-41AD-92BA-3C826F651219 (CVE-2018-1060): python 2.7 -- multiple vulnerabilities | Severe |
| FreeBSD: VID-8719B935-8BAE-41AD-92BA-3C826F651219 (CVE-2018-1061): python 2.7 -- multiple vulnerabilities | Severe |
| FreeBSD: VID-8B1A50AB-8A8E-11E8-ADD2-B499BAEBFEAF (CVE-2018-8011): Apache httpd -- multiple vulnerabilities | Severe |
| FreeBSD: VID-9E2D0DCF-9926-11E8-A92D-0050562A4D7B (CVE-2018-10903): py-cryptography -- tag forgery vulnerability | Severe |
| FreeBSD: VID-EB888CE5-1F19-11E9-BE05-4C72B94353B5 (CVE-2018-17189): Apache -- vulnerability | Severe |
| FreeBSD: VID-EB888CE5-1F19-11E9-BE05-4C72B94353B5 (CVE-2018-17199): Apache -- vulnerability | Severe |
| FreeBSD: VID-EB888CE5-1F19-11E9-BE05-4C72B94353B5 (CVE-2019-0190): Apache -- vulnerability | Severe |
| FreeBSD: (Multiple Advisories) (CVE-2012-0876): python 2.7 -- multiple vulnerabilities | Severe |
| FreeBSD: (Multiple Advisories) (CVE-2017-7526): gnupg -- unsanitized output (CVE-2018-12020) | Severe |
| FreeBSD: VID-50AD9A9A-1E28-11E9-98D7-0050562A4D7B: www/py-requests -- Information disclosure vulnerability | Severe |
| FreeBSD: VID-7B5A8E3B-52CC-11E8-8C7A-9C5C8E75236A (CVE-2018-0494): wget -- cookie injection vulnerability | Severe |
| FreeBSD: VID-E182C076-C189-11E8-A6D2-B499BAEBFEAF (CVE-2018-11763): Apache -- Denial of service vulnerability in HTTP/2 | Severe |
| FreeBSD: VID-9B5162DE-6F39-11E8-818E-E8E0B747A45A (CVE-2018-0495): libgcrypt -- side-channel attack vulnerability | Moderate |
Thanks.