Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101678

Update Python2 to 2.7.16

    XMLWordPrintable

    Details

    • Attempts to pass:
      2
    • Testing System:
      FreeNAS Mini, Z20-HA
    • QA Status:
      Test Passes FreeNAS
    • Acceptance Criteria:
      python2 --version
    • Doc Engineer:
      Dru Lavigne
    • Doc Commit Version:
      11.2-legacy, 11.2-angular
    • Docs Complete:
      Yes

      Description

      pkg audit -F on 11.2-U4 reports:

      python27-2.7.15 is vulnerable:
      Python -- NULL pointer dereference vulnerability
      CVE: CVE-2019-5010
      WWW: https://vuxml.FreeBSD.org/freebsd/d74371d2-4fee-11e9-a5cd-1df8a848de3d.html
      
      python36-3.6.5_1 is vulnerable:
      Python -- NULL pointer dereference vulnerability
      CVE: CVE-2019-5010
      WWW: https://vuxml.FreeBSD.org/freebsd/d74371d2-4fee-11e9-a5cd-1df8a848de3d.html
      
      py36-requests-2.18.4 is vulnerable:
      www/py-requests -- Information disclosure vulnerability
      WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html
      
      py36-cryptography-2.1.4 is vulnerable:
      py-cryptography -- tag forgery vulnerability
      CVE: CVE-2018-10903
      WWW: https://vuxml.FreeBSD.org/freebsd/9e2d0dcf-9926-11e8-a92d-0050562a4d7b.html

       

      Not sure if these are easily exploitable in FreeNAS, but it would be comforting to have them fixed.

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                waqar Waqar Ahmed
                Reporter:
                seanm Sean McBride
                QE Engineer:
                Jeff Ervin
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Merged after freeze:

                  Summary Panel