pfSense 2.4.4-p1 发布。
SECURITY / ERRATA
This release includes several important security patches:
FreeBSD Errata Notice FreeBSD-EN-18:09.ip: IP fragment remediation causes IPv6 fragment reassembly failure #8934
FreeBSD Errata Notice FreeBSD-EN-18:10.syscall NULL pointer dereference in freebsd4_getfsstat system call (CVE-2018-17154)
FreeBSD Errata Notice FreeBSD-EN-18:11.listen Denial of service in listen syscall over IPv6 socket (CVE-2018-6925)
FreeBSD Errata Notice FreeBSD-EN-18:12.mem Small kernel memory disclosures in two system calls (CVE-2018-17155)
Fixed a potential authenticated command injection issue with PowerD settings. pfSense-SA-18_09.webgui #9061
Fixed handling of privileges on the All group that were previously ignored.
Warning: Check the privileges on the All group before upgrading to avoid unintended privileges for accounts being respected that were not honored before.
NOTABLE BUG FIXES
Fixed various sources of PHP 7.2 errors throughout the code base.
Updated Unbound to 1.8.1 to address issues with memory leaks, especially in DNS over TLS support.
Updated strongSwan to 5.7.1.
Improved IPsec VTI compatibility with third-party vendor implementations.
The
filterdnsdaemon has been completely rewritten to address a number of issues.Fixed issues with package reinstallation after restoring a configuration backup.
Fixed issues with Hyper-V
hn(4)network interfaces and IPv6 as well as issues with ALTQ.
NOTABLE NEW FEATURES
Added GUI options to control
sshguardsensitivity and whitelisting to allow users to fine-tune the behavior of the brute force login protection.Added support for LDAP client certificates on authentication servers. (Factory only)
Added schedule (cron) support to AutoConfigBackup.