unbound: 1.9.6 -> 1.10.1 [pfSense]

Gertjan

pfSense told me this morning :

Notifications in this message: 1
================================

9:01:08 

Some packages are part of the base system and will not show up in Package Manager.
If any such updates are listed below, run `pkg upgrade` from the shell to install
them:

unbound: 1.9.6 -> 1.10.1 [pfSense]
bind-tools: 9.14.9 -> 9.14.12 [pfSense]

Note : these are close-to-FreeBSD-native packages, re-shrink-wrapped by 'pfSense/Netgate', and art of the pfSense core files, not to be mixed up with packages available under the "Package Manager".

Also : can't tell right now if 1.10.1 is 'better' as 1.9.6. It will probably be marvellous for most of us. Horrible for some.

edit :

May 21 10:51:35 	unbound 	84460:0 	info: start of service (unbound 1.10.1).

This version is the latest and greatest as of today https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-10-1

jimp

https://redmine.pfsense.org/issues/10576

bcruze

so for us standard pfsense users. we can ignore this since it will be included in p1 of 2.4.5?

jimp

It will be included in 2.4.5-p1, but you can obtain the fix now if you want to install it now. If you believe your configuration or environment would be vulnerable to the attack described in the CVE, you should update and restart unbound.

bcruze

in reading the 2nd to last post here; https://forum.netgate.com/topic/140637/update-pfsense-packages-to-protect-against-nginx-libzmq4-and-curl-vulnerabilities/22

is there anything against running that command to update unbound?

jimp

While it should be OK, it is safer to run it from a shell prompt (console or ssh) and not via the GUI.