network vulnerability in buster
Posted: 02 Mar 2022, 08:11
Hi,
Our company does the "network vulnerabilities scan every week" and it seems our Pi-s are the only ones left which we cannot "secure".
There were 2 main vulnerabilities found by this software:
Apache HTTP Server (Apache 2 buster version 2.4.38) - multiple vulnerabilities according to CVE-2019-10081
The recommendation is to upgrade to v 2.4.41 - This version is not included in the repository of any of the KUNBUS Raspbian versions.
When do you plan to release the Bullseye?
jQuery (v 2.2.1) - end of life detection
I did some research and this version is used by a package "pictory" and "revpi-webstatus". As jquery-2.2.1 is not a package but a JS library, I wonder if there is some better way to replace it rather than download a new version and change the html file for the pictory. Will the pictory use a newer jquery in the Bullseye?
Unfortunately my colleague who runs these scans is not persuadable and he insists we IMMEDIATELY fix this or disconnect the Pi-s from the network.