On 11/04/2014 5:23 am, Jim Thompson wrote:
https://blog.pfsense.org/?p=1253
pfSense release 2.1.2 is now available. pfSense release 2.1.2 follows less
than a week after pfSense release 2.1.1, and is primarily a security release.
Thanks for the new release. Any sign of updated AWS AMIs?
Regards,
lb
The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel
attack are both covered by the following security announcements:
• pfSense-SA-14_04.openssl
• FreeBSD-SA-14:06.openssl
• CVE-2014-0160 (Heartbleed)
• CVE-2014-0076 (ECDSA Flaw)
Packages also have their own independent fixes and need updating. During the
firmware update process the packages will be properly reinstalled. If this
fails for any reason, uninstall and then reinstall packages to ensure that the
latest version of the binaries is in use.
Other Fixes
• On packages that use row_helper, when user clicks on an add or delete
button, the page scrolls to top. #3569
• Correct a typo on function name in Captive Portal bandwidth
allocation.
• Make extra sure that we do not start multiple instances of dhcpleases
if, for example, the PID is stale or invalid, and there is still a running
instance.
• Fix for CRL editing. Use an alphanumeric test rather than purely
is_numericint because the ID is generated by uniqid and is not purely numeric.
#3591
You will want to perform a full security audit of your pfSense installations,
renewing any passwords, generating or fitting new certificates, placing the old
certificates on a CRL, etc.
_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
