
Netgate has released updates 2.4.3-p1 and 2.3.5-p2 for the open-source firewall pfSense. This is a maintenance release that fixes bugs and installs security patches.
!! Warning: some admins are reporting problems with routing, NAT, CARP and booting in the pfSense forum. !!
- Bug Report #8408: https://redmine.pfsense.org/issues/8408
- Bug Report #8518: https://redmine.pfsense.org/issues/8518
- GitHub Pull #3924: https://github.com/pfsense/pfsense/pull/3924
2.4.3-p1 New Features and Changes
Security / Errata
- FreeBSD SA for CVE-2018-8897 FreeBSD-SA-18:06.debugreg
- FreeBSD EN for CVE-2018-6920 and CVE-2018-6921 FreeBSD-EN-18:05.mem
- Fixed a potential LFI in pkg_mgr_install.php #8485 pfSense-SA-18_04.webgui
- Fixed a potential XSS in pkg_mgr_install.php #8486 pfSense-SA-18_05.webgui
Misc
- Added a check to avoid creating route-to rules for proxy ARP addresses
- Corrected alias name input validation text referring to well-known and registered ports #8409
- Corrected the list of pf reserved keywords to prevent aliases from using invalid custom names #8445
- Fixed an issue with Captive Portal access rules being left behind on disconnect #8441
- Fixed an issue with pressing Enter in the filter field of diag_pftop.php #8494
- Fixed an issue with invalid rules generated due to the presence of IPv6 Alias VIPs #8408
- Fixed an issue with IPsec mobile Pre-Shared Keys and iOS devices #8426
- Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
- Fixed firewall rules generated by the OpenVPN wizard #8391
- Fixed handling of OpenVPN RADIUS attribute firewall rules #8480
- Fixed handling of XMLRPC user/group synchronization when that section is disabled on the primary #8450
- Fixed input validation to allow named services to be used in firewall rules rather than numbers alone #8410
- Fixed issues with IP alias VIPs on Localhost at boot time #8393
- Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417
- Updated SimplePie RSS to 1.5.1 #8423
- Added more fields to the list that status.php uses to redact private information #8394
2.3.5-p2 New Features and Changes
Security / Errata
- FreeBSD SA for CVE-2018-8897 FreeBSD-SA-18:06.debugreg
- FreeBSD EN for CVE-2018-6920 and CVE-2018-6921 FreeBSD-EN-18:05.mem
- Fixed a potential XSS vector in RRD error output encoding #8269 pfSense-SA-18_01.packages
- Fixed a potential XSS vector in diag_system_activity.php output encoding #8300 pfSense-SA-18_02.webgui
- Fixed a potential LFI in pkg_mgr_install.php #8485 pfSense-SA-18_04.webgui
- Fixed a potential XSS in pkg_mgr_install.php #8486 pfSense-SA-18_05.webgui
- Changed sshd to use delayed compression #8245
- Added encoding for firewall schedule range descriptions #8259
Misc
- Added an option to disable HSTS for the GUI web server #6650
- Added filtering to pfTop page
- Added ospf6d to the routing log
- Change get_interface_subnet() to use configured value if available
- Corrected sethelp call on firewall_rules_edit.php #8242
- Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
- Fixed an issue with the address family selection for remote syslog servers using IPv6 #8323
- Fixed a problem when IPsec bypasslan was enabled while the LAN interface is disabled or doesn’t have an IP address #8239
- Fixed config.xml corruption handling
- Fixed input validation for Certificate SAN values to disallow IP addresses for FQDN/Hostname entries #8275
- Fixed issues with OpenVPN when using a /31 IPv4 Tunnel Network #8261
- Fixed NTP Status server time for zones with minute offsets (fractions of an hour) #8129
- Fixed selection of IPv6 gateways when creating a new firewall rule #8053
- Fixed various pf “busy” errors when the ruleset is reloaded
- Improved handling of aliases that mix IP addresses and FQDNs #8290
- Improved update repository controls
- Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417
Source: https://www.netgate.com/blog/pfsense-2-4-3-release-p1-and-2-3-5-release-p2-now-available.html