OPNsense 19.7.2 released

Franco Fichtner franco at opnsense.org
Mon Aug 5 10:08:35 UTC 2019


Hi there,

This update ships the latest FreeBSD security advisories along with several
smaller improvements and fixes.  Sunny Valley Networks is the first vendor
to introduce additional software to the plugin framework in the form of the
Sensei plugin.

Here are the full patch notes:

o system: missing "<PRI>" in legacy output via Syslog-ng
o system: fix writing gateway information for DNS servers
o system: allow gateway to work in DHCPv6 WAN when no router solicitation is available
o firewall: unhide automatic interface-based output rules
o firewall: unhide automatic non-interface-based floating rules
o firewall: lift length restriction in NAT rule description
o firewall: avoid newlines in rule descriptions
o firewall: only show usable addresses in NAT outbound rules
o interfaces: fix extended CARP output when parsing interface information
o interfaces: add more outputs to overview page to increase usefulness
o interfaces: use shared DHCP lease reader for ARP list
o captive portal: fix binary read issue in Python 3
o dhcp: fix DHCPv4 relay interface selection (contributed by jayantsahtoe)
o firmware: handle file signature verify correctly with multiple fingerprint repositories
o firmware: Aivian mirror is no longer active
o firmware: Cloudfence mirror in Brazil added
o plugins: os-acme-client 1.24[1]
o plugins: os-bind 1.6 (contributed by crazy-max)
o plugins: os-dnscrypt-proxy 1.5 (contributed by crazy-max)
o plugins: os-grid_example 1.0[2]
o plugins: os-helloworld Python 3 compatibility[3]
o plugins: os-sunnyvalley 1.0[4][5]
o src: fix panic from Intel CPU vulnerability mitigation[6]
o src: fix multiple telnet client vulnerabilities[7]
o src: fix pts write-after-free[8]
o src: fix kernel memory disclosure in freebsd32_ioctl[9]
o src: fix reference count overflow in mqueuefs[10]
o src: fix byhve out-of-bounds read in XHCI device[11]
o src: fix file descriptor reference count leak[12]
o ports: libebent 2.1.11[13]


Stay safe,
Your OPNsense team

--
[1] https://github.com/opnsense/plugins/pull/1399
[2] https://docs.opnsense.org/development/examples/using_grids.html
[3] https://docs.opnsense.org/development/examples/helloworld.html
[4] https://docs.opnsense.org/third_party_plugins.html
[5] https://www.sunnyvalley.io/sensei
[6] https://www.freebsd.org/security/advisories/FreeBSD-EN-19:13.mds.asc
[7] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc
[8] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:13.pts.asc
[9] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:14.freebsd32.asc
[10] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:15.mqueuefs.asc
[11] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc
[12] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:17.fd.asc
[13] https://raw.githubusercontent.com/libevent/libevent/release-2.1.11-stable/ChangeLog



More information about the announce mailing list