Update Python2 to 2.7.16

Description

pkg audit -F on 11.2-U4 reports:

python27-2.7.15 is vulnerable:
Python – NULL pointer dereference vulnerability
CVE: CVE-2019-5010
WWW: https://vuxml.FreeBSD.org/freebsd/d74371d2-4fee-11e9-a5cd-1df8a848de3d.html

python36-3.6.5_1 is vulnerable:
Python – NULL pointer dereference vulnerability
CVE: CVE-2019-5010
WWW: https://vuxml.FreeBSD.org/freebsd/d74371d2-4fee-11e9-a5cd-1df8a848de3d.html

py36-requests-2.18.4 is vulnerable:
www/py-requests – Information disclosure vulnerability
WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html

py36-cryptography-2.1.4 is vulnerable:
py-cryptography – tag forgery vulnerability
CVE: CVE-2018-10903
WWW: https://vuxml.FreeBSD.org/freebsd/9e2d0dcf-9926-11e8-a92d-0050562a4d7b.html

Not sure if these are easily exploitable in FreeNAS, but it would be comforting to have them fixed.

Problem/Justification

None

Impact

None

SmartDraw Connector

Katalon Manual Tests (BETA)

Activity

Show:

William Gryzbowski
June 26, 2019 at 3:36 PM

It will be for 11.3. We dont like updating packages unnecessarily for the sake of stability for stable branches.

Sean McBride
June 26, 2019 at 3:32 PM

That's good news! And of course it means it's not urgent priority, but don't you agree it should nevertheless be fixed eventually?

William Gryzbowski
June 26, 2019 at 3:22 PM

They are not exploitable for FreeNAS

Sean McBride
June 26, 2019 at 3:19 PM

Just updated to 11.2-U5. These 2 remain:

py36-requests-2.18.4 is vulnerable:
www/py-requests -- Information disclosure vulnerability
WWW: [https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html|https://vuxml.freebsd.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html]

py36-cryptography-2.1.4 is vulnerable:
py-cryptography -- tag forgery vulnerability
CVE: CVE-2018-10903
WWW: [https://vuxml.FreeBSD.org/freebsd/9e2d0dcf-9926-11e8-a92d-0050562a4d7b.html|https://vuxml.freebsd.org/freebsd/9e2d0dcf-9926-11e8-a92d-0050562a4d7b.html]

Do you prefer to reopen this or shall I create a new ticket?

Dru Lavigne
June 24, 2019 at 1:38 PM
(edited)

legacy UI doc commit: https://github.com/freenas/freenas-docs/commit/527acbc2f953e171064571484dc4dc3c886fcaf9

new UI doc commit: https://github.com/freenas/freenas-docs/commit/5b6d87eabba2eb6a9c23fc69cdbd4d8fe5d4685f

Resize issue view side panel

Complete

Details

Assignee

Waqar

Reporter

Sean McBride

Labels

Components

Fix versions

11.2-U5

Affects versions

11.2-U4

Priority

Low

Parent

NAS-102406 Updated Software

More fields

Katalon Platform

Created May 8, 2019 at 6:38 PM

Updated July 1, 2022 at 4:31 PM

Resolved June 24, 2019 at 1:39 PM