Colleagues,
I have FreeNAS 8.3.1-REL based upon FreeBSD 8.3p6. Security scanning reveals that bzip2(ver 1.0.5), nptd2(ver 4.2.4p5) and openssl(ver 0.9.8q) need to be upgraded in order to patch the vulnerabilities to 1.0.6, 4.2.4p7 and 1.0.0h respectively.
I posted to FreeBSD forums to try and get to the bottom of the issues and possible resolve the security vulnerabilities in FreeNAS/FreeBSD. What is odd is that the community says that the vulnerabilities in ntpd and bzip2 were fixed long ago and should NOT be present in FreeNAS 8.3.1-REL/FreeBSD 8.3p6 --but they STILL are.
Reference:http://forums.freebsd.org/showthread.php?p=216392&posted=1#post216392
Anyone know why the BSD community says this stuff is patched since 8.1 and the problems still show up in FreeNAS as of only a couple months ago? The vulnerabilities are years old now.
-Jim
I have FreeNAS 8.3.1-REL based upon FreeBSD 8.3p6. Security scanning reveals that bzip2(ver 1.0.5), nptd2(ver 4.2.4p5) and openssl(ver 0.9.8q) need to be upgraded in order to patch the vulnerabilities to 1.0.6, 4.2.4p7 and 1.0.0h respectively.
I posted to FreeBSD forums to try and get to the bottom of the issues and possible resolve the security vulnerabilities in FreeNAS/FreeBSD. What is odd is that the community says that the vulnerabilities in ntpd and bzip2 were fixed long ago and should NOT be present in FreeNAS 8.3.1-REL/FreeBSD 8.3p6 --but they STILL are.
Reference:http://forums.freebsd.org/showthread.php?p=216392&posted=1#post216392
Anyone know why the BSD community says this stuff is patched since 8.1 and the problems still show up in FreeNAS as of only a couple months ago? The vulnerabilities are years old now.
-Jim