Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101679

Update libgcrypt to 1.8.3 to address CVE-2018-0495

    XMLWordPrintable

    Details

    • Attempts to pass:
      1
    • Testing System:
      X10-HA
    • QA Status:
      Test Passes TrueNAS
    • Acceptance Criteria:
      pkg info|grep libgcrypt
    • Doc Engineer:
      Dru Lavigne
    • Doc Commit Version:
      11.2-legacy, 11.2-angular
    • Docs Complete:
      Yes

      Description

      pkg audit -F on FreeNAS 11.2-U4 reports:

      libgcrypt-1.8.2 is vulnerable:
      libgcrypt -- side-channel attack vulnerability
      CVE: CVE-2018-0495
      WWW: https://vuxml.FreeBSD.org/freebsd/9b5162de-6f39-11e8-818e-e8e0b747a45a.html
      
      gnupg-2.2.6 is vulnerable:
      gnupg -- unsanitized output (CVE-2018-12020)
      CVE: CVE-2017-7526
      CVE: CVE-2018-12020
      WWW: https://vuxml.FreeBSD.org/freebsd/7da0417f-6b24-11e8-84cc-002590acae31.html

      Not sure if these are easily exploitable in FreeNAS, but it would be comforting to have them fixed.

       

        Attachments

          Container Issues

            Activity

              People

              • Assignee:
                william William Grzybowski
                Reporter:
                seanm Sean McBride
                QE Engineer:
                Bonnie Follweiler
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Summary Panel