Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101678

Update Python2 to 2.7.16

    XMLWordPrintable

    Details

      Description

      pkg audit -F on 11.2-U4 reports:

      python27-2.7.15 is vulnerable:
      Python -- NULL pointer dereference vulnerability
      CVE: CVE-2019-5010
      WWW: https://vuxml.FreeBSD.org/freebsd/d74371d2-4fee-11e9-a5cd-1df8a848de3d.html
      
      python36-3.6.5_1 is vulnerable:
      Python -- NULL pointer dereference vulnerability
      CVE: CVE-2019-5010
      WWW: https://vuxml.FreeBSD.org/freebsd/d74371d2-4fee-11e9-a5cd-1df8a848de3d.html
      
      py36-requests-2.18.4 is vulnerable:
      www/py-requests -- Information disclosure vulnerability
      WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html
      
      py36-cryptography-2.1.4 is vulnerable:
      py-cryptography -- tag forgery vulnerability
      CVE: CVE-2018-10903
      WWW: https://vuxml.FreeBSD.org/freebsd/9e2d0dcf-9926-11e8-a92d-0050562a4d7b.html

       

      Not sure if these are easily exploitable in FreeNAS, but it would be comforting to have them fixed.

        Attachments

          Activity

            People

            Assignee:
            waqar Waqar Ahmed
            Reporter:
            seanm Sean McBride
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Summary Panel