Netgate has released updates 2.4.3 p1 and 2.3.5 p2 for the open-source firewall pfSense. This is a maintenance update that fixes bugs and installs security patches.
!! Warning – some admins are reporting problems with routing, NAT, CARP and booting in the pfSense forum. !!
- Bug Report #8408: https://redmine.pfsense.org/issues/8408
- Bug Report #8518: https://redmine.pfsense.org/issues/8518
- GitHub Pull #3924: https://github.com/pfsense/pfsense/pull/3924
2.4.3-p1 New Features and Changes
Security / Errata
- FreeBSD SA for CVE-2018-8897 FreeBSD-SA-18:06.debugreg
- FreeBSD EN for CVE-2018-6920 and CVE-2018-6921 FreeBSD-EN-18:05.mem
- Fixed a potential LFI in pkg_mgr_install.php #8485 pfSense-SA-18_04.webgui
- Fixed a potential XSS in pkg_mgr_install.php #8486 pfSense-SA-18_05.webgui
Misc
- Added a check to avoid creating route-to rules for proxy ARP addresses
- Corrected alias name input validation text referring to well-known and registered ports #8409
- Corrected the list of pf reserved keywords to prevent aliases from using invalid custom names #8445
- Fixed an issue with Captive Portal access rules being left behind on disconnect #8441
- Fixed an issue with pressing Enter in the filter field of diag_pftop.php #8494
- Fixed an issue with invalid rules generated due to the presence of IPv6 Alias VIPs #8408
- Fixed an issue with IPsec mobile Pre-Shared Keys and iOS devices #8426
- Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
- Fixed firewall rules generated by the OpenVPN wizard #8391
- Fixed handling of OpenVPN RADIUS attribute firewall rules #8480
- Fixed handling of XMLRPC user/group synchronization when that section is disabled on the primary #8450
- Fixed input validation to allow named services to be used in firewall rules rather than numbers alone #8410
- Fixed issues with IP alias VIPs on Localhost at boot time #8393
- Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417
- Updated SimplePie RSS to 1.5.1 #8423
- Added more fields to the list that status.php uses to redact private information #8394
2.3.5-p2 New Features and Changes
Security / Errata
- FreeBSD SA for CVE-2018-8897 FreeBSD-SA-18:06.debugreg
- FreeBSD EN for CVE-2018-6920 and CVE-2018-6921 FreeBSD-EN-18:05.mem
- Fixed a potential XSS vector in RRD error output encoding #8269 pfSense-SA-18_01.packages
- Fixed a potential XSS vector in diag_system_activity.php output encoding #8300 pfSense-SA-18_02.webgui
- Fixed a potential LFI in pkg_mgr_install.php #8485 pfSense-SA-18_04.webgui
- Fixed a potential XSS in pkg_mgr_install.php #8486 pfSense-SA-18_05.webgui
- Changed sshd to use delayed compression #8245
- Added encoding for firewall schedule range descriptions #8259
Misc
- Added an option to disable HSTS for the GUI web server #6650
- Added filtering to pfTop page
- Added ospf6d to the routing log
- Change get_interface_subnet() to use configured value if available
- Corrected sethelp call on firewall_rules_edit.php #8242
- Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
- Fixed an issue with the address family selection for remote syslog servers using IPv6 #8323
- Fixed a problem when IPsec bypasslan was enabled while the LAN interface is disabled or doesn’t have an IP address #8239
- Fixed config.xml corruption handling
- Fixed input validation for Certificate SAN values to disallow IP addresses for FQDN/Hostname entries #8275
- Fixed issues with OpenVPN when using a /31 IPv4 Tunnel Network #8261
- Fixed NTP Status server time for zones with minute offsets (fractions of an hour) #8129
- Fixed selection of IPv6 gateways when creating a new firewall rule #8053
- Fixed various pf "busy" errors when the ruleset is reloaded
- Improved handling of aliases that mix IP addresses and FQDNs #8290
- Improved update repository controls
- Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417
Source: https://www.netgate.com/blog/pfsense-2-4-3-release-p1-and-2-3-5-release-p2-now-available.html