The open-source firewall OPNsense received security update 20.7.3 a few days ago.
OPNsense 20.7.3 Release Notes
- system: use different shell gateway name to appease wizard
- system: simplify CARP hook
- interfaces: phase out netaddr.eui.ieee.OUI_REGISTRY_PATH usage
- firewall: add MAC type to top right filter selection
- firewall: fix two scrub rule parsing bugs
- firewall: omit group type interfaces in filter selection
- intrusion detection: re-create rule cache after rule deployment
- unbound: add "unbound-plus" section to XMLRPC sync
- dhcp: adding DDNS values of each additional pool to the $ddns_zones array (contributed by Mathieu St-Pierre)
- dhcp: add static interface mode to router advertisements
- rc: fix ssh key permissions on MSDOS import
- rc: support service identifier in pluginctl -s mode
- plugins: os-bind download link changes (contributed by gap579137)
- plugins: os-chrony 1.0 (contributed by Michael Muenz)
- plugins: os-dnscrypt-proxy blocklist script fixes (contributed by Mark Keisler)
- plugins: os-frr 1.17[1]
- plugins: os-postfix 1.17[2]
- plugins: os-rspamd 1.10[3]
- plugins: os-theme-cicada 1.25 (contributed by Team Rebellion)
- plugins: os-theme-tukan 1.23 (contributed by Team Rebellion)
- plugins: os-theme-vicuna 1.1 (contributed by Team Rebellion)
- plugins: os-wireguard 1.3[4]
- plugins: os-zabbix-agent 1.8[5]
- src: fix FreeBSD Linux ABI kernel panic[6]
- src: fix SCTP socket use-after-free[7]
- src: fix dhclient heap overflow[8]
- src: fix ure device driver susceptible to packet-in-packet attack[9]
- src: fix bhyve privilege escalation via VMCS access[10]
- src: fix bhyve SVM guest escape[11]
- src: fix ftpd privilege escalation via ftpchroot[12]
- src: set PAX_HARDENING_NOSHLIBRANDOM in the RTLD by default
- src: fix kernel panic while trying to read multicast stream
- ports: mpd 5.9[13]
- ports: nss 3.57[14]
- ports: php 7.3.22[15]
- ports: pkg 1.15.6[16]
Stay safe,
Your OPNsense team
—
[1] https://github.com/opnsense/plugins/blob/master/net/frr/pkg-descr
[2] https://github.com/opnsense/plugins/blob/master/mail/postfix/pkg-descr
[3] https://github.com/opnsense/plugins/blob/master/mail/rspamd/pkg-descr
[4] https://github.com/opnsense/plugins/blob/master/net/wireguard/pkg-descr
[5] https://github.com/opnsense/plugins/blob/master/net-mgmt/zabbix-agent/pkg-descr
[6] https://www.freebsd.org/security/advisories/FreeBSD-EN-20:17.linuxthread.asc
[7] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:25.sctp.asc
[8] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc
[9] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:27.ure.asc
[10] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc
[11] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc
[12] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:30.ftpd.asc
[13] http://mpd.sourceforge.net/doc5/mpd4.html#4
[14] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
[15] https://www.php.net/ChangeLog-7.php#7.3.22
[16] https://github.com/freebsd/freebsd-ports/commit/fd4f5566aea
Source: https://opnsense.org/opnsense-20-7-3-released/