OPNsense Forum

Administrative => Announcements => Topic started by: franco on November 22, 2017, 01:40:22 pm

Title: OPNsense 17.7.8 released
Post by: franco on November 22, 2017, 01:40:22 pm
Hi everyone,

A shiny new update is available, addressing the recent security advisories from FreeBSD, OpenSSL, Sudo and a number of minor bugs.

To all our 18.1-BETA testers we say this: thank you! The results have been thoroughly positive. If you would like to participate as well, please take a closer look:


And here are the full patch notes:

o firewall: when CARP is disabled it should enable the "Block CARP traffic"
o firewall: isAlias() should return false when an empty name is provided
o firewall: support non-whitespace field separators for URL table alias (contributed by shonjir)
o firewall: table plugin support (contributed by Evgeny Bevz)
o firewall: properly skip L2TP and PPTP interfaces in IPFW
o firmware: add mirror courtesy of Ventura Systems, Columbia
o firmware: crash report file size limit for upload
o interfaces: prevent reconfigure of wireless device on rc.linkup
o reporting: clear tooltip in health graphs
o intrusion detection: prevent UI lockups by closing server sessions early
o intrusion detection: add advanced payload log option
o intrusion detection: improved alert inspection dialog
o ipsec: add passthrough networks support
o ipsec: add support for elliptical curve DH groups
o router advertisements: fix DHCPv6 start in "unmanaged" mode
o installer: limit swap partition size to 8 GB (contributed by Frank Wall)
o web proxy: add update cache support for Linux and Windows (contributed by Fabian Franz)
o web proxy: add support for UTF-8 domain names (contributed by Alexander Shursha)
o web proxy: improved IPv6 alias support
o ui: make "full help" state sticky in client session
o lang: Japanese updates (contributed by Chie and Takeshi Taguchi)
o lang: German updates (contributed by Fabian Franz)
o lang: Russian updates (contributed by Smart-Soft)
o lang: Czech updates (contributed by Pavel Borecki)
o plugins: os-siproxd 1.2.1 with fix for RTP high port (contributed by mrpace2)
o plugins: os-smart 1.2 now indicates if no devices have been found (contributed by Larry Meaney)
o plugins: os-telegraf 1.1 adds network input setting (contributed by nycaleksey)
o plugins: os-tor 1.2 adds hidden service onion service client support (contributed by Fabian Franz)
o plugins: os-web-proxy 2.1 makes Kerberos hostname configurable (contributed by Evgeny Bevz)
o src: properly bzero kldstat structure to prevent information leak [1]
o src: fix kernel data leak via ptrace(PT_LWPINFO) [2]
o src: only refresh bsnmpd device table on a device add or remove event
o src: unclog reply-to to avoid default route in shared forwarding
o src: update timezone database information
o ports: phalcon 3.2.4 [3]
o ports: php 7.0.25 [4]
o ports: sqlite 3.21.0 [5]
o ports: openssl 1.0.2m [6]
o ports: ca_root_nss 3.34
o ports: sudo 1.8.21p2_1 [7]

Stay safe,
Your OPNsense team

[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-17:10.kldstat.asc
[2] https://www.freebsd.org/security/advisories/FreeBSD-SA-17:08.ptrace.asc
[3] https://github.com/phalcon/cphalcon/releases/tag/v3.2.4
[4] http://de2.php.net/ChangeLog-7.php#7.0.25
[5] https://sqlite.org/changes.html
[6] https://www.openssl.org/news/secadv/20171102.txt
[7] https://bugzilla.sudo.ws/show_bug.cgi?id=807