FreeNAS / TrueNAS: NAS-101681

Update libnghttp2 to 1.31.1 to address CVE-2018-1000168

    Details

    • Attempts to pass:
      1
    • Testing System:
      X10-HA
    • QA Status:
      Test Passes TrueNAS
    • Acceptance Criteria:
      pkg info|grep libnghttp2
    • Doc Engineer:
      Dru Lavigne
    • Doc Commit Version:
      11.2-legacy, 11.2-angular
    • Docs Complete:
      Yes

      Description

      pkg audit -F on FreeNAS 11.2-U4 reports:

      libnghttp2-1.31.0 is vulnerable:
      nghttp2 -- Denial of service due to NULL pointer dereference
      CVE: CVE-2018-1000168
      WWW: https://vuxml.FreeBSD.org/freebsd/1fccb25e-8451-438c-a2b9-6a021e4d7a31.html

      Not sure if this is easily exploitable in FreeNAS, but it would be comforting to have fixed.

       

              People

              • Assignee:
                william William Grzybowski
                Reporter:
                seanm Sean McBride
                QE Engineer:
                Bonnie Follweiler
