Menü Schließen

OPNsense Security und Bugfix Release 20.7.3

OPNsense Logo

Die Open-Source Firewall, OPNsense, erhielt vor wenigen Tagen das Sicherheitsupdate 20.7.3.

OPNsense 20.7.3 Release Notes

  • system: use different shell gateway name to appease wizard
  • system: simplify CARP hook
  • interfaces: phase out netaddr.eui.ieee.OUI_REGISTRY_PATH usage
  • firewall: add MAC type to top right filter selection
  • firewall: fix two scrub rule parsing bugs
  • firewall: omit group type interfaces in filter selection
  • intrusion detection: re-create rule cache after rule deployment
  • unbound: add “unbound-plus” section to XMLRPC sync
  • dhcp: adding DDNS values of each additional pool to the $ddns_zones array (contributed by Mathieu St-Pierre)
  • dhcp: add static interface mode to router advertisements
  • rc: fix ssh key permissions on MSDOS import
  • rc: support service identifier in pluginctl -s mode
  • plugins: os-bind download link changes (contributed by gap579137)
  • plugins: os-chrony 1.0 (contributed by Michael Muenz)
  • plugins: os-dnscrypt-proxy blocklist script fixes (contributed by Mark Keisler)
  • plugins: os-frr 1.17[1]
  • plugins: os-postfix 1.17[2]
  • plugins: os-rspamd 1.10[3]
  • plugins: os-theme-cicada 1.25 (contributed by Team Rebellion)
  • plugins: os-theme-tukan 1.23 (contributed by Team Rebellion)
  • plugins: os-theme-vicuna 1.1 (contributed by Team Rebellion)
  • plugins: os-wireguard 1.3[4]
  • plugins: os-zabbix-agent 1.8[5]
  • src: fix FreeBSD Linux ABI kernel panic[6]
  • src: fix SCTP socket use-after-free[7]
  • src: fix dhclient heap overflow[8]
  • src: fix ure device driver susceptible to packet-in-packet attack[9]
  • src: fix bhyve privilege escalation via VMCS access[10]
  • src: fix bhyve SVM guest escape[11]
  • src: fix ftpd privilege escalation via ftpchroot[12]
  • src: set PAX_HARDENING_NOSHLIBRANDOM in the RTLD by default
  • src: fix kernel panic while trying to read multicast stream
  • ports: mpd 5.9[13]
  • ports: nss 3.57[14]
  • ports: php 7.3.22[15]
  • ports: pkg 1.15.6[16]

Stay safe,
Your OPNsense team


[1] https://github.com/opnsense/plugins/blob/master/net/frr/pkg-descr
[2] https://github.com/opnsense/plugins/blob/master/mail/postfix/pkg-descr
[3] https://github.com/opnsense/plugins/blob/master/mail/rspamd/pkg-descr
[4] https://github.com/opnsense/plugins/blob/master/net/wireguard/pkg-descr
[5] https://github.com/opnsense/plugins/blob/master/net-mgmt/zabbix-agent/pkg-descr
[6] https://www.freebsd.org/security/advisories/FreeBSD-EN-20:17.linuxthread.asc
[7] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:25.sctp.asc
[8] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc
[9] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:27.ure.asc
[10] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc
[11] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc
[12] https://www.freebsd.org/security/advisories/FreeBSD-SA-20:30.ftpd.asc
[13] http://mpd.sourceforge.net/doc5/mpd4.html#4
[14] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
[15] https://www.php.net/ChangeLog-7.php#7.3.22
[16] https://github.com/freebsd/freebsd-ports/commit/fd4f5566aea

Quelle: https://opnsense.org/opnsense-20-7-3-released/

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert