Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How can security patches be applied to specific packages?

    General pfSense Questions
    3
    5
    462
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AR 0
      last edited by

      Hello, if I I want to update openssh for example and fix the forwarding vulnerability (CVE-2023-38408). Is it posibble?

      I saw there are patches for certain FreeBSD versions but the pfSense is in a different version (FreeBSD 14.0-CURRENT) and it says it is up to date.

      Thanks.

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @AR 0
        last edited by

        @AR-0 Base packages are updated as part of the core pfSense software.

        Most vulnerabilities are either mitigated by shutting down the package (like not running SSH) or aren't actually exploitable in pfSense.
        I cannot speak for any specific CVE but if there's a security vulnerability that can be exploited and cannot be mitigated without replacing the binary there will be a dot release for the software.

        AFAIK there is no plan for a 23.05.2 release at this time and 23.09 will have any needed binary updates.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        A 1 Reply Last reply Reply Quote 0
        • A
          AR 0 @rcoleman-netgate
          last edited by

          @rcoleman-netgate Thank you!

          1 Reply Last reply Reply Quote 0
          • jimpJ jimp moved this topic from Problems Installing or Upgrading pfSense Software on
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            @AR-0 said in How can security patches be applied to specific packages?:

            CVE-2023-38408

            In that particular case it does not affect anything in the standard operation of pfSense. It only applies to SSH clients so would only be applicable at all for someone using pfSense as a client in some custom way.

            A 1 Reply Last reply Reply Quote 1
            • A
              AR 0 @stephenw10
              last edited by AR 0

              @stephenw10 I see, thank you very much for your answer 😁

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.