t1n1wall

t1n1wall Support (English) => Security => Topic started by: andywhite on November 01, 2015, 09:15:32 PM

Title: Security update r68
Post by: andywhite on November 01, 2015, 09:15:32 PM
The following components of t1n1wall 1.10 r68 have known CVEs

mini_httpd,1.21,CVE-2015-1548
net-snmp,5.7.3,CVE-2014-2285
ipsec-tools,0.8.2,CVE-2015-4047

mini_httpd will be updated to a fixed version 1.22 shortly
net-snmp 5.7.3 CVE affects Traps, which is not part of t1n1wall
ipsec-tools 0.8.2 CVE is fixed in the port that is used by t1n1wall
Title: Re: Security update r68
Post by: gderf on November 02, 2015, 02:22:42 PM
Are amd64 builds discontinued?
Title: Re: Security update r68
Post by: andywhite on November 02, 2015, 02:42:44 PM
No. I'm just travelling and only had time to do an x32 build.  I'll do an amd64 bit build tonight
Title: Re: Security update r68
Post by: gderf on November 02, 2015, 02:58:55 PM
No problem, take your time, and thanks!
Title: Re: Security update r68
Post by: Lee Sharp on November 02, 2015, 06:26:00 PM
That mini_httpd update came out, literally, one week after I checked to see what software needed updating.  :)  Sigh...