OS/Kernel Patches for pfSense Plus for AWS virtual appliance
-
Hello,
I'm a first-time subscriber of the pfSense Plus for Amazon AWS virtual appliance from the AWS Marketplace. My t3a.small EC2 instance is running pfSense 23.09.1.
SSH'ing to the instance as admin, I found out that the OS is FreeBSD 14.0.
I read through the documentation and the upgrade process when a new Netgate pfSense Plus AMI is issued. That's well written, thank you.
However, I did not find any mention of patching the kernel or OS if vulnerabilities are found. What is the Netgate-issued guidance for resolving such issues?
Are customers/subscribers allowed to install kernel/OS-level patches or upgrades? If not, will Netgate release a new AMI, and how soon would that be from the time the CVE was issued or a patch was released?
If this has been documented, please provide the URL.
Asking all these questions in order to fill out security documentation required for my customer's processes.
Thank you.
-
@AndyM-TB You can read up here: https://docs.netgate.com/pfsense/en/latest/development/system-patches.html?hsenc=p2ANqtz--gA-74I8DhSzbAxUDNm7LgtfzizzXj4pmaYvfaYlxT7FQcUnA_JRbjVjn5EZO2UTRyFb6 or here: https://docs.netgate.com/pfsense/en/latest/packages/netgate-firmware.html
-
@NollipfSense
The first link is for system package patches, which is relevant and what I was looking for.
The second link is for firmware upgrade packages on certain hardware models, which would not apply to the virtual appliance.
Thank you so much!
-
You would still see version updates available if a vulnerability was discovered that warranted a pfSense Plus release. Same as any other pfSense Plus install.