OPNsense Logo

OPNsense Security und Bugfix Release 18.7.9

von

Für die Open-Source Firewall OPNsense ist das Update 18.7.9 erschienen. Neben einigen Bugfixes, wurde das neue Plugin DNSCrypt-Proxy, sowie einige Sicherheitsupdates von FreeBSD und 3.Partie Plugins
veröffentlicht .

OPNsense 18.7.9 Release Notes

  • system: allow setting alternative names on CSR
  • system: add link-local routes with correct scope
  • system: fix LDAP import button for Firefox
  • system: assorted cleanups in HTML and PHP code
  • interfaces: add note about CGN addresses included in private range
  • interfaces: fix checksum disable for IPv6 TX / RX flags
  • interfaces: multiple type DUID support (contributed by Team Rebellion)
  • interfaces: properly read and write dhcp6c DUID binary file
  • interfaces: do not read VLAN capabilities from nonexistent interfaces
  • interfaces: removal of PEAR.inc from IPv6 address library
  • interfaces: assorted cleanups in HTML and PHP code
  • firewall: only suffix subnet alias entry when a network is expected
  • firewall: default alias protocol to both IPv4 and IPv6
  • firewall: fix validation of outbound NAT destination alias
  • firewall: fix performance regression in get_alias_description()
  • firewall: repair defunct “no nat proto carp all” rule
  • firewall: limit type to CARP when checking for VIP VHID reuse
  • firewall: refactor subnet retrieval in VIP deletion
  • firewall: display VHID for IP alias in overview
  • firewall: DHCPv6 outgoing firewall rule changed to “from (self)” to fix static setups
  • firewall: rearranged outbound NAT bottom symbol hints (contributed by Team Rebellion)
  • firewall: ignore empty values in alias migration (contributed by Frank Wall)
  • firewall: assorted cleanups in HTML and PHP code
  • captive portal: work around service boot ordering issue
  • captive portal: change “onestop” to “stop” in backend action
  • dnsmasq: add DNSSEC option
  • dnsmasq: assorted cleanups in HTML and PHP code
  • dhcp: show lease count in page heading
  • dhcp: refactor IPv6 subnet read
  • dhcp: fix DDNS IPv6 algorithm use
  • dhcp: assorted cleanups in HTML and PHP code
  • firmware: opnsense-version can now handle kernel, base and plugin metadata
  • firmware: when pkg needs to be updated do not prompt for base and kernel set
  • firmware: use embedded obsolete file list for removal on base set install
  • intrusion detection: fix daily cron job, was actually monthly
  • ipsec: assorted cleanups in HTML and PHP code
  • openvpn: assorted cleanups in HTML and PHP code
  • unbound: only use IPv6 when enabled and IPv4 is not preferred
  • unbound: restart after VPN is up
  • unbound: updated help text for verbosity level (contributed by Northguy)
  • unbound: assorted cleanups in HTML and PHP code
  • web proxy: move bump_step1 down (contributed by Michael Muenz)
  • mvc: missing isset() in routes migration
  • mvc: Phalcon 3.4.2 scope compatibility fix
  • mvc: assorted fixes in PHPDoc
  • mvc: fix advanced field bug in dialogs (contributed by Fabian Franz)
  • mvc: SetIfConstraint (contributed by Fabian Franz)
  • mvc: hidden input field (contributed by Fabian Franz)
  • mvc: json-data access support (contributed by Fabian Franz)
  • ui: remove markup from user indicator
  • ui: sidebar fixes (contributed by Team Rebellion)
  • plugins: os-acme-client 1.18 with GratisDNS and ACME DNS support (contributed by Frank Wall, ricobach, TuEye)
  • plugins: os-bind 1.3 adds Google and Yahoo safe search (contributed by Michael Muenz)
  • plugins: os-dnscrypt-proxy 1.0 (contributed by Michael Muenz)
  • plugins: os-freeradius 1.8.3 makes use of certificates clearer (contributed by Michael Muenz)
  • plugins: os-haproxy 2.12 HTTP/2 support, http-request before use_backend (contributed by Frank Wall, Mathias Aerts)
  • plugins: os-net-snmp 1.3 mark device as L3 enabled via SysServices (contributed by Michael Muenz)
  • plugins: os-nginx 1.5 with lots of new features[1] (contributed by Fabian Franz, Carlos Cesario, Julio Cesar Camargo, fzoske)
  • plugins: os-nut 1.4 adds listen directive and more flexible arguments (contributed by Michael Muenz)
  • plugins: os-postfix 1.7 adds address rewriting, sender/recipient BCC and domain masquerading (contributed by Michael Muenz)
  • plugins: os-theme-cicada 1.11 (contributed by Team Rebellion)
  • plugins: os-theme-rebellion 1.8.1 (contributed by Team Rebellion)
  • plugins: os-theme-tukan 1.10 (contributed by Team Rebellion)
  • src: fix multiple vulnerabilities in NFS server code[2]
  • src: fix ICMP buffer underwrite[3]
  • src: timezone database information update[4]
  • src: fix deferred kernel loading breaks loader password[5]
  • src: fix insufficient bounds checking in bhyve(8) device model[6]
  • ports: lighttpd 1.4.52[7]
  • ports: sqlite 3.26.0[8]
  • ports: perl 5.26.3[9]
  • ports: php 7.1.25[10]
  • ports: hostapd / wpa_supplicant 2.7[11]
  • ports: unbound 1.8.2[12]

[1] https://github.com/opnsense/plugins/blob/master/www/nginx/pkg-descr
[2] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:13.nfs.asc
[3] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:13.icmp.asc
[4] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:14.tzdata.asc
[5] https://www.freebsd.org/security/advisories/FreeBSD-EN-18:15.loader.asc
[6] https://www.freebsd.org/security/advisories/FreeBSD-SA-18:14.bhyve.asc
[7] https://www.lighttpd.net/2018/11/28/1.4.52/
[8] https://www.sqlite.org/releaselog/3_26_0.html
[9] https://metacpan.org/pod/release/SHAY/perl-5.26.3/pod/perldelta.pod
[10] http://php.net/ChangeLog-7.php#7.1.25
[11] http://lists.infradead.org/pipermail/hostap/2018-December/039069.html
[12] https://nlnetlabs.nl/news/2018/Dec/04/unbound-1.8.2-released/

Quelle: https://opnsense.org/opnsense-18-7-9-released/

Schreibe einen Kommentar

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.