pfSense 2.4.4-p1 发布。

SECURITY / ERRATA

This release includes several important security patches:

  • FreeBSD Errata Notice FreeBSD-EN-18:09.ip: IP fragment remediation causes IPv6 fragment reassembly failure #8934

  • FreeBSD Errata Notice FreeBSD-EN-18:10.syscall NULL pointer dereference in freebsd4_getfsstat system call (CVE-2018-17154)

  • FreeBSD Errata Notice FreeBSD-EN-18:11.listen Denial of service in listen syscall over IPv6 socket (CVE-2018-6925)

  • FreeBSD Errata Notice FreeBSD-EN-18:12.mem Small kernel memory disclosures in two system calls (CVE-2018-17155)

  • Fixed a potential authenticated command injection issue with PowerD settings. pfSense-SA-18_09.webgui #9061

  • Fixed handling of privileges on the All group that were previously ignored.

    Warning: Check the privileges on the All group before upgrading to avoid unintended privileges for accounts being respected that were not honored before.

NOTABLE BUG FIXES

  • Fixed various sources of PHP 7.2 errors throughout the code base.

  • Updated Unbound to 1.8.1 to address issues with memory leaks, especially in DNS over TLS support.

  • Updated strongSwan to 5.7.1.

  • Improved IPsec VTI compatibility with third-party vendor implementations.

  • The filterdns daemon has been completely rewritten to address a number of issues.

  • Fixed issues with package reinstallation after restoring a configuration backup.

  • Fixed issues with Hyper-V hn(4) network interfaces and IPv6 as well as issues with ALTQ.

NOTABLE NEW FEATURES

  • Added GUI options to control sshguard sensitivity and whitelisting to allow users to fine-tune the behavior of the brute force login protection.

  • Added support for LDAP client certificates on authentication servers. (Factory only)

  • Added schedule (cron) support to AutoConfigBackup.