Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities

    Messages from the pfSense Team
    14
    22
    4.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Steve_B Netgate
      last edited by Steve_B

      The "Reinstall packages" button reinstalls user-selected/installed packages E.g.: Snort or pfBlockerNG. The packages that are the subject of this notice are required, built-in packages so the command line way is the only way for now.

      Als ik kan

      1 Reply Last reply Reply Quote 0
      • M
        MarekAndreansky @redtech116
        last edited by

        @redtech116 said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:

        einstall packages' button under the Diagnosti

        You can enable SSH via System -> Advanced - Secure Shell Server - tick enable then click save.

        You will then be able to connect to your Firewall via putty. I disabled ssh after doing what needs to be done as I prefer to use the web gui instead and don't need another open path to my device.

        GertjanG 1 Reply Last reply Reply Quote 1
        • GertjanG
          Gertjan @MarekAndreansky
          last edited by

          @marekandreansky said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:

          I prefer to use the web gui instead and don't need another open path to my device

          Well ...
          This time
          0_1550764541752_f1668a92-bd05-4fc9-94f0-01c2d624c9c6-image.png
          (the RSS feed in the GUI)
          and this :
          0_1550764582341_9d36d720-139c-468f-ae30-6abc203dd5ba-image.png
          (part of the Newsletter mail received today, Feb 21, 2019)

          talks about using the console access.

          Upgrading NGINX - as you might know, this is the web server of the GUI - shouldn't be done using the same GUI.
          It might work of course - but if anything goes wrong, you're locked out.

          The SSH (console access) is using worlds best protected access method (paired with some public/private keys) - the GUI is only and will always be next-best.
          In this case, it's just a question of login using Putty - go option 8 and pasting the commands

          pkg update; pkg upgrade
          

          let it do its job, and
          exit [enter]
          and
          0 [enter]

          (test you GUI ^^)

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • I
            inqq
            last edited by

            It's a little problematic that the last 2.4.5 DEVEL version broke the backup functionality, and won't be updated until 2.5.0 snapshots come out -- but the instructions here are to backup the full config before the pkg update/upgrade.

            https://redmine.pfsense.org/projects/pfsense/repository/revisions/e0b32eb9e6b040fd14025b5c32644959ba67250e

            1 Reply Last reply Reply Quote 0
            • C
              callen
              last edited by

              Noob question: I'm currently on 2.4.4-RELEASE-p1. Does the warning message mean that by upgrading to 2.4.4-p2 these security related packages are updated as well?

              GrimsonG 1 Reply Last reply Reply Quote 0
              • GrimsonG
                Grimson Banned @callen
                last edited by

                @callen said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:

                Noob question: I'm currently on 2.4.4-RELEASE-p1. Does the warning message mean that by upgrading to 2.4.4-p2 these security related packages are updated as well?

                @dennis_s said in Update pfSense packages to protect against NGINX, libzmq4, and curl vulnerabilities:

                Warning: If you are running a version of pfSense prior to 2.4.4-p2 simply update to that version to benefit from these changes.

                It's even written in red, so improve your reading skills.

                C 1 Reply Last reply Reply Quote 0
                • C
                  callen @Grimson
                  last edited by

                  @grimson thanks for not being a jerk about my message. Makes me want to continue to ask questions when I'm not sure.

                  JeGrJ 1 Reply Last reply Reply Quote 0
                  • JeGrJ
                    JeGr LAYER 8 Moderator @callen
                    last edited by

                    @callen If unsure ask away. Maybe it's clear but asking for clarification never hurts. Not everyone got up on the wrong side of bed ;)

                    Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                    If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                    1 Reply Last reply Reply Quote 0
                    • GilG
                      Gil Rebel Alliance
                      last edited by

                      I updated using the Diagnostics / Command Prompt as a lazy mans way around SSH or console access.

                      Execute Shell Command: pkg update; pkg upgrade -y

                      11 cheers for binary

                      1 Reply Last reply Reply Quote 0
                      • B
                        bcruze
                        last edited by

                        Glad I saw this posted somewhere on the forum my box is updated, a little different as this time i upgraded from a Mac

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.