Date: Fri, 9 Jun 2023 21:41:49 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> To: freebsd-security <freebsd-security@freebsd.org> Subject: acme.sh remote code execution vulnerability Message-ID: <5291cba9-bc27-a577-1eda-83ff0486f098@quip.cz>
next in thread | raw e-mail | index | archive | help
As far as I know FreeBSD uses acme.sh for Let's Encrypt certificates. It was discovered yesterday there is a remote code execution vulnerability mainly used by HiCA. https://github.com/acmesh-official/acme.sh/issues/4659 It is recommended to upgrade acme.sh (fixed today) and mark acme.sh vulnerable in VuXML database. Kind regards Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5291cba9-bc27-a577-1eda-83ff0486f098>