Тег: pfsense-livecd

Chris Buechler has announced the release of pfSense 2.2.6, an updated build of the project's FreeBSD-based operating system made for firewalls and routers. This release is largely a security update to fix issues with the software's browser-based user interface and several recent OpenSSL vulnerabilities, while it also upgrades the base system to the latest FreeBSD version: "pfSense software version 2.2.6 is now available. This release includes a few bug fixes and security updates. Security fixes and errata: webgui - local file inclusion vulnerability in the pfSense WebGUI; captiveportal - SQL injection vulnerability in the pfSense captive portal logout; webgui - multiple XSS and CSRF vulnerabilities in the pfSense WebGUI; updated to FreeBSD 10.1-RELEASE-p25; openssl - multiple vulnerabilities in OpenSSL; updated strongSwan to 5.3.5; includes fix for CVE-2015-8023 authentication bypass vulnerability in the eap-mschapv2 plugin. As always, you can upgrade from any previous version straight to 2.2.6. For those already running any 2.2.x version, this is a low-risk upgrade. For those on 2.1.x or earlier versions, there are a number of significant changes which may impact you. Pay close attention to the 2.2 upgrade notes for the details."

Софт

pfSense-LiveCD-2.2.1-RELEASE-i386.iso.gz
Chris Buechler has announced the release of pfSense 2.2.1, a security and bug-fix update of the project's FreeBSD-based specialist operating system for firewalls and routers: "pfSense software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes. Security fixes: pfSense-SA-15_02.igmp - integer overflow in IGMP protocol; pfSense-SA-15_03.webgui - multiple XSS vulnerabilities in the pfSense WebGUI; pfSense-SA-15_04.webgui - arbitrary file deletion vulnerability in the pfSense WebGUI; FreeBSD-EN-15:01.vt - vt(4) crash with improper ioctl parameters; FreeBSD-EN-15:02.openssl - update to include reliability fixes from OpenSSL. A note on the OpenSSL 'FREAK' vulnerability: does not affect the web server configuration on the firewall as it does not have export ciphers enabled. pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability. If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details."

Софт

pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz
Chris Buechler has announced the release of pfSense 2.2.1, a security and bug-fix update of the project's FreeBSD-based specialist operating system for firewalls and routers: "pfSense software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes. Security fixes: pfSense-SA-15_02.igmp - integer overflow in IGMP protocol; pfSense-SA-15_03.webgui - multiple XSS vulnerabilities in the pfSense WebGUI; pfSense-SA-15_04.webgui - arbitrary file deletion vulnerability in the pfSense WebGUI; FreeBSD-EN-15:01.vt - vt(4) crash with improper ioctl parameters; FreeBSD-EN-15:02.openssl - update to include reliability fixes from OpenSSL. A note on the OpenSSL 'FREAK' vulnerability: does not affect the web server configuration on the firewall as it does not have export ciphers enabled. pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability. If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details."

Софт