Software-update: pfSense Plus 26.03.1

Netgate heeft versie 26.03.1 van pfSense Plus uitgebracht. Dit pakket is gebaseerd op het besturingssysteem FreeBSD en richt zich op router- en firewalltaken. Het is verkrijgbaar in de gratis Community Edition en een Plus-uitvoering, die voorheen als Factory Edition werd aangeboden. De Plus-uitvoering draait op de hardware die Netgate aanbiedt, als virtuele machine in AWS of Azure. In tegenstelling tot de Community Edition is het echter geen open source.

Het is in 2004 begonnen als een afsplitsing van m0n0wall vanwege verschillende visies bij de ontwikkelaars en in de loop van de jaren uitgegroeid tot een router- en firewallpakket dat in zowel kleine als zeer grote omgevingen kan worden ingezet. Voor meer informatie verwijzen we naar deze pagina. De changelog voor deze uitgave ziet er als volgt uit:

Security/Errata

This release contains several security fixes, some of which were previously released via the Recommended System Patches feature of the System Patches Package.

pfSense-SA-26_03.webgui - Potential Stored XSS in diag_arp.php when using ISC DHCP #16763pfSense-SA-26_04.webgui - Potential XSS in RSS Widget feed content post titles #16770pfSense-SA-26_05.webgui - Potential XSS in Captive Portal widget #16773Several security and errata fixes were merged from FreeBSD, including fixes for vulnerabilities discovered in the DHCP client.Several base system packages were updated to address various upstream security issues.

pfSense-SA-26_03.webgui - Potential Stored XSS in diag_arp.php when using ISC DHCP #16763

pfSense-SA-26_04.webgui - Potential XSS in RSS Widget feed content post titles #16770

pfSense-SA-26_05.webgui - Potential XSS in Captive Portal widget #16773

Several security and errata fixes were merged from FreeBSD, including fixes for vulnerabilities discovered in the DHCP client.

Several base system packages were updated to address various upstream security issues.

pfSense Plus

Changes in this version of pfSense Plus software.

Aliases / Tables

Changed: Increase amount of system alias content printed in alias list #16118

Changed: Increase amount of system alias content printed in alias list #16118

Authentication

Fixed: LDAP shell authentication does not honor configured group DN restriction #16799

Fixed: LDAP shell authentication does not honor configured group DN restriction #16799

Captive Portal

Fixed: Captive Portal authentication messages are not logged #16818Fixed: Potential XSS in Captive Portal widget #16773

Fixed: Captive Portal authentication messages are not logged #16818

Fixed: Potential XSS in Captive Portal widget #16773

Configuration Upgrade

Fixed: Configuration upgrades fail to properly upgrade firewall rules for revisions 10.6 and 10.8 #16840

Fixed: Configuration upgrades fail to properly upgrade firewall rules for revisions 10.6 and 10.8 #16840

Console Menu

Fixed: Repeatedly attempting to cancel console menu operations with Ctrl-C can drop the user into the password change flow #16782

Fixed: Repeatedly attempting to cancel console menu operations with Ctrl-C can drop the user into the password change flow #16782

Dashboard

Fixed: Potential XSS in RSS Widget feed content post titles #16770

Fixed: Potential XSS in RSS Widget feed content post titles #16770

Diagnostics

Fixed: Potential Stored XSS in diag_arp.php when using ISC DHCP #16763

Fixed: Potential Stored XSS in diag_arp.php when using ISC DHCP #16763

Dynamic DNS

Added: Log errors when determining the RFC2136 update source address #16819

Added: Log errors when determining the RFC2136 update source address #16819

IPsec

Fixed: IPsec daemon can crash if a peer initiates two rekeys for the same child SA #16836

Fixed: IPsec daemon can crash if a peer initiates two rekeys for the same child SA #16836

OpenVPN

Fixed: Automatically generated vpn_networks table is missing OpenVPN networks #16795Fixed: All OpenVPN instances are restarted when applying changes to any assigned interface #16815

Fixed: Automatically generated vpn_networks table is missing OpenVPN networks #16795

Fixed: All OpenVPN instances are restarted when applying changes to any assigned interface #16815

Operating System

Fixed: Kernel panic due to race condition on a bpf device #16790

Fixed: Kernel panic due to race condition on a bpf device #16790

PHP Interpreter

Fixed: NULL bytes in an IP address can trigger PHP errors from ip2long() #16771

Fixed: NULL bytes in an IP address can trigger PHP errors from ip2long() #16771

Rules / NAT

Added: Add MAP-E port set (PSID) support to manual outbound NAT rules #11901Fixed: Firewall rule source option This Firewall (self) is not available when duplicating floating rules #16729

Added: Add MAP-E port set (PSID) support to manual outbound NAT rules #11901

Fixed: Firewall rule source option This Firewall (self) is not available when duplicating floating rules #16729

User Manager / Privileges

Fixed: Creating a new user ignores certificate checkbox value if the certificate fields are populated #16721

Fixed: Creating a new user ignores certificate checkbox value if the certificate fields are populated #16721

Wake on LAN

Fixed: Links to send WOL packets are not handled consistently, may fail to send #16803

Fixed: Links to send WOL packets are not handled consistently, may fail to send #16803

Source: Tweakers.net