Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-20891

freepbx14 vulnerabilities

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Sprint:
      Sprint 18!, Sprint 19!, Sprint 20, Sprint 21
    • ToDo:
    • Asterisk Version:
      13.29.2
    • Distro Version:
      14
    • Distro:
      FreePBX Distro

      Description

      I have instance of freepbx14 from sangoma distro. I was scanned it throw vulners.com 3 and was found multiply vulnerabilities with score 10, such as https://vulners.com/info/RHSA-2019:2091 10.
      I was checked systemd version and it was vulnurable:

      yum info systemd
      Loaded plugins: fastestmirror, versionlock
      Loading mirror speeds from cached hostfile
      Installed Packages
      Name : systemd
      Arch : x86_64
      Version : 219
      Release : 62.el7_6.7
      Size : 23 M
      Repo : installed
      From repo : sng-updates

      But “yum update” say “No packages marked for update”.

      Becouse it is our production system I have no opportunity for testing manual packeages installation in view of system crashing. 

      Please, fix this problem.

       

       

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                llang Leonardo Lang
                Reporter:
                HakimzyanovA HakimzyanovA
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:

                  NextupJiraPlusStatus

                  Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.