pfSense 2.4.3_1 und 2.3.5_2 Security und Bugfix Release

netgate hat für die Open-Source Firwall, pfSense, das Update 2.4.3 p1 und 2.3.5 p2 veröffentlicht. Dies ist ein Maintenance Update, dass Fehler behebt und die Sicherheitspatche installiert.

!! Achtung – einige Admins berichten im pfSense Forum über Probleme mit Routing, NAT, CARP und Bootproblemen. !!

pfSense Update 2.4.3_1

pfSense Update 2.4.3_1

2.4.3-p1 New Features and Changes

Security / Errata

Misc

  • Added a check to avoid creating route-to rules for proxy ARP addresses
  • Corrected alias name input validation text referring to well-known and registered ports #8409
  • Corrected the list of pf reserved keywords to prevent aliases from using invalid custom names #8445
  • Fixed an issue with Captive Portal access rules being left behind on disconnect #8441
  • Fixed an issue with pressing Enter in the filter field of diag_pftop.php #8494
  • Fixed an issue with invalid rules generated due to the presence of IPv6 Alias VIPs #8408
  • Fixed an issue with IPsec mobile Pre-Shared Keys and iOS devices #8426
  • Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
  • Fixed firewall rules generated by the OpenVPN wizard #8391
  • Fixed handling of OpenVPN RADIUS attribute firewall rules #8480
  • Fixed handling of XMLRPC user/group synchronization when that section is disabled on the primary #8450
  • Fixed input validation to allow named services to be used in firewall rules rather than numbers alone #8410
  • Fixed issues with IP alias VIPs on Localhost at boot time #8393
  • Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417
  • Updated SimplePie RSS to 1.5.1 #8423
  • Added more fields to the list that status.php uses to redact private information #8394

2.3.5-p2 New Features and Changes

Security / Errata

Misc

  • Added an option to disable HSTS for the GUI web server #6650
  • Added filtering to pfTop page
  • Added ospf6d to the routing log
  • Change get_interface_subnet() to use configured value if available
  • Corrected sethelp call on firewall_rules_edit.php #8242
  • Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
  • Fixed an issue with the address familiy selection for remote syslog servers using IPv6 #8323
  • Fixed a problem when IPsec bypasslan was enabled while the LAN interface is disabled or doesn’t have an IP address #8239
  • Fixed config.xml corruption handling
  • Fixed input validation for Certificate SAN values to disallow IP addresses for FQDN/Hostname entries #8275
  • Fixed issues with OpenVPN when using a /31 IPv4 Tunnel Network #8261
  • Fixed NTP Status server time for zones with minute offsets (fractions of an hour) #8129
  • Fixed selection of IPv6 gateways when creating a new firewall rule #8053
  • Fixed various pf “busy” errors when the ruleset is reloaded
  • Improved handling of aliases that mix IP addresses and FQDNs #8290
  • Improved update repository controls
  • Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417

Quelle: https://www.netgate.com/blog/pfsense-2-4-3-release-p1-and-2-3-5-release-p2-now-available.html

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.