Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities
-
@steve_b Thanks for the explanation, that makes sense. And did not know about the RSS widget, thanks again!
-
noob questions ...
Will the 'reinstall packages' button under the Diagnostics>backup&restore....do that same thing? -
The "Reinstall packages" button reinstalls user-selected/installed packages E.g.: Snort or pfBlockerNG. The packages that are the subject of this notice are required, built-in packages so the command line way is the only way for now.
-
@redtech116 said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:
einstall packages' button under the Diagnosti
You can enable SSH via System -> Advanced - Secure Shell Server - tick enable then click save.
You will then be able to connect to your Firewall via putty. I disabled ssh after doing what needs to be done as I prefer to use the web gui instead and don't need another open path to my device.
-
@marekandreansky said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:
I prefer to use the web gui instead and don't need another open path to my device
Well ...
This time
(the RSS feed in the GUI)
and this :
(part of the Newsletter mail received today, Feb 21, 2019)talks about using the console access.
Upgrading NGINX - as you might know, this is the web server of the GUI - shouldn't be done using the same GUI.
It might work of course - but if anything goes wrong, you're locked out.The SSH (console access) is using worlds best protected access method (paired with some public/private keys) - the GUI is only and will always be next-best.
In this case, it's just a question of login using Putty - go option 8 and pasting the commandspkg update; pkg upgradelet it do its job, and
exit [enter]
and
0 [enter](test you GUI ^^)
-
It's a little problematic that the last 2.4.5 DEVEL version broke the backup functionality, and won't be updated until 2.5.0 snapshots come out -- but the instructions here are to backup the full config before the pkg update/upgrade.
https://redmine.pfsense.org/projects/pfsense/repository/revisions/e0b32eb9e6b040fd14025b5c32644959ba67250e
-
Noob question: I'm currently on 2.4.4-RELEASE-p1. Does the warning message mean that by upgrading to 2.4.4-p2 these security related packages are updated as well?
-
@callen said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:
Noob question: I'm currently on 2.4.4-RELEASE-p1. Does the warning message mean that by upgrading to 2.4.4-p2 these security related packages are updated as well?
@dennis_s said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:
Warning: If you are running a version of pfSense prior to 2.4.4-p2 simply update to that version to benefit from these changes.
It's even written in red, so improve your reading skills.
-
@grimson thanks for not being a jerk about my message. Makes me want to continue to ask questions when I'm not sure.
-
@callen If unsure ask away. Maybe it's clear but asking for clarification never hurts. Not everyone got up on the wrong side of bed ;)
-
I updated using the Diagnostics / Command Prompt as a lazy mans way around SSH or console access.
Execute Shell Command: pkg update; pkg upgrade -y
-
Glad I saw this posted somewhere on the forum my box is updated, a little different as this time i upgraded from a Mac
