Current File : //proc/self/root/backups/router/usr/local/opnsense/changelog/20.7.3.htm
<p>Hello hello,</p><p>Today is the day for a number of FreeBSD security advisories and a few reliability fixes.</p><p>We are still testing a batch of Netmap improvement patches with a separate kernel. This and the Realtek vendor driver update will likely follow in the next kernel update. All feedback is welcome.</p><p>Here are the full patch notes:</p><p><ul><li>system: use different shell gateway name to appease wizard</li><li>system: simplify CARP hook</li><li>interfaces: phase out netaddr.eui.ieee.OUI_REGISTRY_PATH usage</li><li>firewall: add MAC type to top right filter selection</li><li>firewall: fix two scrub rule parsing bugs</li><li>firewall: omit group type interfaces in filter selection</li><li>intrusion detection: re-create rule cache after rule deployment</li><li>unbound: add "unbound-plus" section to XMLRPC sync</li><li>dhcp: adding DDNS values of each additional pool to the $ddns_zones array (contributed by Mathieu St-Pierre)</li><li>dhcp: add static interface mode to router advertisements</li><li>rc: fix ssh key permissions on MSDOS import</li><li>rc: support service identifier in pluginctl -s mode</li><li>plugins: os-bind download link changes (contributed by gap579137)</li><li>plugins: os-chrony 1.0 (contributed by Michael Muenz)</li><li>plugins: os-dnscrypt-proxy blocklist script fixes (contributed by Mark Keisler)</li><li>plugins: os-frr 1.17[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/20.7/net/frr/pkg-descr">1</a>]</li><li>plugins: os-postfix 1.17[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/20.7/mail/postfix/pkg-descr">2</a>]</li><li>plugins: os-rspamd 1.10[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/20.7/mail/rspamd/pkg-descr">3</a>]</li><li>plugins: os-theme-cicada 1.25 (contributed by Team Rebellion)</li><li>plugins: os-theme-tukan 1.23 (contributed by Team Rebellion)</li><li>plugins: os-theme-vicuna 1.1 (contributed by Team Rebellion)</li><li>plugins: os-wireguard 1.3[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/20.7/net/wireguard/pkg-descr">4</a>]</li><li>plugins: os-zabbix-agent 1.8[<a target="_blank" href="https://github.com/opnsense/plugins/blob/stable/20.7/net-mgmt/zabbix-agent/pkg-descr">5</a>]</li><li>src: fix FreeBSD Linux ABI kernel panic[<a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-EN-20:17.linuxthread.asc">6</a>]</li><li>src: fix SCTP socket use-after-free[<a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-20:25.sctp.asc">7</a>]</li><li>src: fix dhclient heap overflow[<a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-20:26.dhclient.asc">8</a>]</li><li>src: fix ure device driver susceptible to packet-in-packet attack[<a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-20:27.ure.asc">9</a>]</li><li>src: fix bhyve privilege escalation via VMCS access[<a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc">10</a>]</li><li>src: fix bhyve SVM guest escape[<a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc">11</a>]</li><li>src: fix ftpd privilege escalation via ftpchroot[<a target="_blank" href="https://www.freebsd.org/security/advisories/FreeBSD-SA-20:30.ftpd.asc">12</a>]</li><li>src: set PAX_HARDENING_NOSHLIBRANDOM in the RTLD by default</li><li>src: fix kernel panic while trying to read multicast stream</li><li>ports: mpd 5.9[<a target="_blank" href="http://mpd.sourceforge.net/doc5/mpd4.html#4">13</a>]</li><li>ports: nss 3.57[<a target="_blank" href="https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_57.html">14</a>]</li><li>ports: php 7.3.22[<a target="_blank" href="https://www.php.net/ChangeLog-7.php#7.3.22">15</a>]</li><li>ports: pkg 1.15.6[<a target="_blank" href="https://github.com/freebsd/freebsd-ports/commit/fd4f5566aea">16</a>]</li></ul></p><p><br>Stay safe,<br> Your OPNsense team</p>
Mini Shell