pfSense 2.4.3 发布，包含重要的安全修复补丁

内容简介：pfSense 2.4.3 已发布，本次更新包含重要的安全修复和 bug 修复，还引入了一些新特性，具体如下。 值得关注的更新 包含一些重要的安全修复补丁： Kernel PTI mitigations for Meltdown (optional tunable) FreeB...

pfSense 2.4.3 已发布，本次更新包含重要的安全修复和 bug 修复，还引入了一些新特性，具体如下。

值得关注的更新

包含一些重要的安全修复补丁：

• Kernel PTI mitigations for Meltdown (optional tunable) FreeBSD-SA-18:03.speculative_execution.asc

• IBRS mitigation for Spectre V2 (requires updated CPU microcode) FreeBSD-SA-18:03.speculative_execution.asc

• Fixes for FreeBSD-SA-18:01.ipsec

• Fixed three potential XSS vectors, and two potential CSRF issues

• CSRF protection for all dashboard widgets

• Updated several base system packages to address CVEs

除了安全修复，pfSense 还包含重要的 bug 修复，如修复 pfSense PHP 模块的内存泄露问题，具体如下：

• Fixed hangs due to Limiters and pfsync in High Availability configurations

• Imported anetstatfix to improve performance and reduce CPU usage, especially on the Dashboard and ARM platforms

• Fixed a memory leak in the pfSense PHP module

• Fixed DHCPv6 lease display for entries that were not parsed properly from the lease database

• Fixed issues on assign_interfaces.php with large numbers of interfaces

• Fixed multiple issues that could result in an invalid ruleset being generated

• Fixed multiple Captive Portal voucher synchronization issues with HA

• Fixed issues with XMLRPC user account synchronization causing GUI inaccessibility on secondary HA nodes

• … and many more!

重要的新特性：

• Changed IPsec Phase 1 to allow selecting both IPv4 and IPv6 so the local side can allow inbound connections to either address family

• Changed IPsec Phase 1 to allow configuration of multiple IKE encryption algorithms, key lengths, hashes, and DH groups

• Changed SMTP notifications handling so they are batched, to avoid sending multiple e-mail messages in a short amount of time

• Added options to RFC 2136 Dynamic DNS for server key algorithm and to change the source address used to send updates

• Added VLAN priority tagging for DHCPv6 client requests

• Hardware support for the new XG-7100 including C3000 SoC support, C3000 NIC support, and Marvell 88E6190 switch support (Factory installations only)

• … and more!

详细更新内容请查看发布说明。  
下载地址：https://www.pfsense.org/download/

【声明】文章转载自：开源中国社区 [http://www.oschina.net]

以上就是本文的全部内容，希望本文的内容对大家的学习或者工作能带来一定的帮助，也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

• Kubernetes更新补丁 修复重要权限升级缺陷
• GitLab 发布补丁修复版本 11.9.1
• GitLab 发布补丁修复版本 11.9.6
• GitLab 发布补丁修复版本 11.10.4
• Firefox 已发布“插件失效”证书修复补丁
• GitLab 10.5.2 补丁版本发布，修复 Bug

本站部分资源来源于网络，本站转载出于传递更多信息之目的，版权归原作者或者来源机构所有，如转载稿涉及版权问题，请联系我们。