Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-101681

Update libnghttp2 to 1.31.1 to address CVE-2018-1000168

    XMLWordPrintable

    Details

      Description

      pkg audit -F on FreeNAS 11.2-U4 reports:

      libnghttp2-1.31.0 is vulnerable:
      nghttp2 -- Denial of service due to NULL pointer dereference
      CVE: CVE-2018-1000168
      WWW: https://vuxml.FreeBSD.org/freebsd/1fccb25e-8451-438c-a2b9-6a021e4d7a31.html

      Not sure if this is easily exploitable in FreeNAS, but it would be comforting to have fixed.

       

        Attachments

          Activity

            People

            Assignee:
            william William Grzybowski
            Reporter:
            seanm Sean McBride
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Summary Panel