pfSense 2.4.3 发布，包含重要的安全修复补丁

最新推荐文章于 2025-09-12 13:16:34 发布

weixin_30569033

最新推荐文章于 2025-09-12 13:16:34 发布

阅读量64

点赞数

CC 4.0 BY-SA版权

文章标签： php 运维数据库

原文链接：http://www.cnblogs.com/pengpeng1208/p/9577096.html

pfSense 2.4.3 版本已发布，此版本包括重要的安全修复，例如针对 Meltdown 和 Spectre V2 的缓解措施，并修复了多个潜在的安全漏洞。此外，还解决了 pfSense PHP 模块的内存泄漏问题，改善了 netstat 的性能并减少了 CPU 使用率。新特性方面，允许 IPsec Phase 1 同时选择 IPv4 和 IPv6，增加了 RFC2136 Dynamic DNS 的选项，支持最新的 XG-7100 硬件。

　　pfSense 2.4.3 已发布，本次更新包含重要的安全修复和 bug 修复，还引入了一些新特性，具体如下。

　　值得关注的更新

　　包含一些重要的安全修复补丁：

　　Kernel PTI mitigations for Meltdown (optional tunable) FreeBSD-SA-18:03.speculative_execution.asc

　　IBRS mitigation for Spectre V2 (requires updated CPU microcode) FreeBSD-SA-18:03.speculative_execution.asc

　　Fixes for FreeBSD-SA-18:01.ipsec

　　Fixed three potential XSS vectors, and two potential CSRF issues

　　CSRF protection for all dashboard widgets

　　Updated several base system packages to address CVEs

　　除了安全修复，pfSense 还包含重要的 bug 修复，如修复 pfSense PHP 模块的内存泄露问题，具体如下：

　　Fixed hangs due to Limiters and pfsync in High Availability configurations

　　Imported anetstatfix to improve performance and reduce CPU usage, especially on the Dashboard and ARM platforms

　　Fixed a memory leak in the pfSense PHP module

　　Fixed DHCPv6 lease display for entries that were not parsed properly from the lease database

　　Fixed issues on assign_interfaces.php with large numbers of interfaces

　　Fixed multiple issues that could result in an invalid ruleset being generated

　　Fixed multiple Captive Portal voucher synchronization issues with HA

　　Fixed issues with XMLRPC user account synchronization causing GUI inaccessibility on secondary HA nodes

　　… and many more!

　　重要的新特性：

　　Changed IPsec Phase 1 to allow selecting both IPv4 and IPv6 so the local side can allow inbound connections to either address family

　　Changed IPsec Phase 1 to allow configuration of multiple IKE encryption algorithms, key lengths, hashes, and DH groups

　　Changed SMTP notifications handling so they are batched, to avoid sending multiple e-mail messages in a short amount of time

　　Added options to RFC 2136 Dynamic DNS for server key algorithm and to change the source address used to send updates

　　Added VLAN priority tagging for DHCPv6 client requests

　　Hardware support for the new XG-7100 including C3000 SoC support, C3000 NIC support, and Marvell 88E6190 switch support (Factory installations only)

　　… and more!

　　详细更新内容请查看发布说明。

　　下载地址：https://www.pfsense.org/download/(编辑：雷林鹏来源：网络)

转载于:https://www.cnblogs.com/pengpeng1208/p/9577096.html