Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities

    Scheduled Pinned Locked Moved Messages from the pfSense Team
    22 Posts 14 Posters 4.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      redtech116
      last edited by

      noob questions ...
      Will the 'reinstall packages' button under the Diagnostics>backup&restore....do that same thing?

      M 1 Reply Last reply Reply Quote 0
      • S
        Steve_B Netgate
        last edited by Steve_B

        The "Reinstall packages" button reinstalls user-selected/installed packages E.g.: Snort or pfBlockerNG. The packages that are the subject of this notice are required, built-in packages so the command line way is the only way for now.

        Als ik kan

        1 Reply Last reply Reply Quote 0
        • M
          MarekAndreansky @redtech116
          last edited by

          @redtech116 said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:

          einstall packages' button under the Diagnosti

          You can enable SSH via System -> Advanced - Secure Shell Server - tick enable then click save.

          You will then be able to connect to your Firewall via putty. I disabled ssh after doing what needs to be done as I prefer to use the web gui instead and don't need another open path to my device.

          GertjanG 1 Reply Last reply Reply Quote 1
          • GertjanG
            Gertjan @MarekAndreansky
            last edited by

            @marekandreansky said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:

            I prefer to use the web gui instead and don't need another open path to my device

            Well ...
            This time
            0_1550764541752_f1668a92-bd05-4fc9-94f0-01c2d624c9c6-image.png
            (the RSS feed in the GUI)
            and this :
            0_1550764582341_9d36d720-139c-468f-ae30-6abc203dd5ba-image.png
            (part of the Newsletter mail received today, Feb 21, 2019)

            talks about using the console access.

            Upgrading NGINX - as you might know, this is the web server of the GUI - shouldn't be done using the same GUI.
            It might work of course - but if anything goes wrong, you're locked out.

            The SSH (console access) is using worlds best protected access method (paired with some public/private keys) - the GUI is only and will always be next-best.
            In this case, it's just a question of login using Putty - go option 8 and pasting the commands

            pkg update; pkg upgrade
            

            let it do its job, and
            exit [enter]
            and
            0 [enter]

            (test you GUI ^^)

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 0
            • I
              inqq
              last edited by

              It's a little problematic that the last 2.4.5 DEVEL version broke the backup functionality, and won't be updated until 2.5.0 snapshots come out -- but the instructions here are to backup the full config before the pkg update/upgrade.

              https://redmine.pfsense.org/projects/pfsense/repository/revisions/e0b32eb9e6b040fd14025b5c32644959ba67250e

              1 Reply Last reply Reply Quote 0
              • C
                callen
                last edited by

                Noob question: I'm currently on 2.4.4-RELEASE-p1. Does the warning message mean that by upgrading to 2.4.4-p2 these security related packages are updated as well?

                GrimsonG 1 Reply Last reply Reply Quote 0
                • GrimsonG
                  Grimson Banned @callen
                  last edited by

                  @callen said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:

                  Noob question: I'm currently on 2.4.4-RELEASE-p1. Does the warning message mean that by upgrading to 2.4.4-p2 these security related packages are updated as well?

                  @dennis_s said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:

                  Warning: If you are running a version of pfSense prior to 2.4.4-p2 simply update to that version to benefit from these changes.

                  It's even written in red, so improve your reading skills.

                  C 1 Reply Last reply Reply Quote 0
                  • C
                    callen @Grimson
                    last edited by

                    @grimson thanks for not being a jerk about my message. Makes me want to continue to ask questions when I'm not sure.

                    JeGrJ 1 Reply Last reply Reply Quote 0
                    • JeGrJ
                      JeGr LAYER 8 Moderator @callen
                      last edited by

                      @callen If unsure ask away. Maybe it's clear but asking for clarification never hurts. Not everyone got up on the wrong side of bed ;)

                      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                      1 Reply Last reply Reply Quote 0
                      • GilG
                        Gil Rebel Alliance
                        last edited by

                        I updated using the Diagnostics / Command Prompt as a lazy mans way around SSH or console access.

                        Execute Shell Command: pkg update; pkg upgrade -y

                        11 cheers for binary

                        1 Reply Last reply Reply Quote 0
                        • B
                          bcruze
                          last edited by

                          Glad I saw this posted somewhere on the forum my box is updated, a little different as this time i upgraded from a Mac

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.