Download pfSense 2.4.4-p3

Spread the love

The pfSense project started in 2004 as a fork of m0n0wall due to differing views among the developers, and over the years has evolved into a router and firewall package that can be deployed in both small and very large environments. For more information, please refer to this page. The development team has released pfSense 2.4.4-p3 with the following changes:

pfSense 2.4.4-RELEASE-p3 now available

We are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades!

pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release.

pfSense 2.4.4-RELEASE-p3 updates and installation images are available now!

To see a complete list of changes and find more detail, see the Release Notes.

We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week.

Highlights

SECURITY / ERRATA
pfSense software release version 2.4.4-p3 addresses several critical security issues:

  • A privilege escalation issue where an authenticated user could have used a technique similar to directory traversal to gain access to pages for which they otherwise would not have privileges
  • A privilege escalation issue where an authenticated user granted access to the Dashboard or widgets could have gained access to pages for which they otherwise would not have privileges
  • A privilege escalation issue where an authenticated user granted access to edit OpenVPN servers, clients, or client-specific overrides could have executed shell scripts via OpenVPN advanced options to gain higher privileges
    A new set of privileges has been created to delegate access to edit the advanced options fields on these pages. Existing users who are not administrators, but only have access to the stated pages, can no longer edit advanced option fields until the new privileges have been granted.
  • Potential cross-site scripting (XSS) vectors in 10 GUI pages
  • The sshguard daemon which protects the GUI and ssh against brute force attacks was changed to use a single table to block offenders from reaching the GUI and SSH, which corrects previous unexpected inconsistencies in behavior.
  • Several FreeBSD security advisories:
    • FreeBSD-SA-19:03.wpa
    • FreeBSD-SA-19:04.ntp
    • FreeBSD-SA-19:05.pf
    • FreeBSD-SA-19:06.pf
    • FreeBSD-SA-19:07.mds
    • FreeBSD-EN-19:08.tzdata
  • DNS over TLS host verification has been added, thanks to support from a recent Unbound version that made it possible on systems without OpenSSL 1.1.x.

For complete details about these issues, see the see the Release Notes.

Version number 2.4.4-p3
Release status Final
Operating systems BSD
Website netgate
Download
License type GPL
You might also like
Exit mobile version