Details
-
Type:
Improvement
-
Status: Done (View Workflow)
-
Priority:
Low
-
Resolution: Complete
-
Affects Version/s: 11.2-U3
-
Fix Version/s: 11.2-U4
-
Component/s: OS
-
Labels:
-
Epic Link:
Description
In FreeNAS 11.2U3 (current), 'pkg audit -F' reports:
wget-1.19.4_2 is vulnerable: wget -- security flaw in caching credentials passed as a part of the URL CVE: CVE-2018-20483 WWW: https://vuxml.FreeBSD.org/freebsd/a737eb11-5cfc-11e9-ab87-8cec4bf8fcfb.html wget-1.19.4_2 is vulnerable: wget -- cookie injection vulnerability CVE: CVE-2018-0494 WWW: https://vuxml.FreeBSD.org/freebsd/7b5a8e3b-52cc-11e8-8c7a-9c5c8e75236a.html
Looks like you need to update to the newest, 1.20.3:
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
Not sure if those CVEs actually affect FreeNAS, but still...