pfSense® software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes.
Security Fixes
pfSense-SA-15_02.igmp: Integer overflow in IGMP protocol (FreeBSD-SA-15:04.igmp)
pfSense-SA-15_03.webgui: Multiple XSS Vulnerabilities in the pfSense WebGUI
pfSense-SA-15_04.webgui: Arbitrary file deletion vulnerability in the pfSense WebGUI
FreeBSD-EN-15:01.vt: vt(4) crash with improper ioctl parameters
FreeBSD-EN-15:02.openssl: Update to include reliability fixes from OpenSSL
A note on the OpenSSL “FREAK” vulnerability:
It does not affect the web server configuration on the firewall, as that configuration does not have export ciphers enabled.
pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability.
If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details.
Bug Fixes
General
Rules / NAT
IPsec
OpenVPN
DNS Resolver
Logging
Traffic Shaping
IPv6
VIP/CARP
Misc Binary/OS Changes
Source: https://blog.pfsense.org/