Do I need to update the FreeBSD OS, that pfSense sits upon?



  • Does anyone know if I need to frequently update the FreeBSD OS, that pfSense sits upon?
    Not pfSense itself and its packages, but the OS components.
    E.g. use some FreeBSD commands from the management UI, or via SSH?
    I have done some quick search on the internet, but I didn't find any information regarding this...
    Is this being done automatically for me or I should do it myself frequently and manually (or using some cron job - maybe)?
    If this is something that I need to do, what is the most common way of doing it?

    E.g., recently, a quite severe security issue was found on software combining NGINX and PHP-FPM, which is what pfSense uses, as far as I know:
    https://thehackernews.com/2019/10/nginx-php-fpm-hacking.html

    And I am wondering what I am supposed to do about it...
    Any ideas?



  • No. When you update pfSense, it updates the underlying OS. You cannot update it manually. As for the NGINX issue, please search- it has already been discussed, and is a non-issue.



  • Indeed!
    Searching this site with the CVE identifier (CVE-2019-11043), I found this:
    https://forum.netgate.com/topic/147590/cve-2019-11043/5

    I just had the feeling that the updates to pfSense are not frequent enough (I have it installed a couple of months now and I got no updates to the main software yet, only some packages). So, I was wondering if I was missing some critical maintenance action... I guess I can chill now... 😉

    Thanks. 🙂


Log in to reply