Netgate Security Advisory: CVE-2024-6387
-
@LesserBloops said in Netgate Security Advisory: CVE-2024-6387:
Could System Patches possibly be preinstalled as a placeholder in the future, so that when looking for updates to apply, it'll appear in the average user's package list?
This seems a reasonable suggestion.
-
@LesserBloops said in Netgate Security Advisory: CVE-2024-6387:
I had no idea System_Patches existed until happening upon this thread
Yeah .... well, scrap what's I've said above.
I'll rephrase, and express my real opinion :
It must be a package, so when an update exists, it will get flagged on the dashboard as 'update == patches' exist. That's the great thing about the pfSense package system.
I was wondering : why isn't this build into pfSense directly ? But that would mean that there will be another thing to check, pfSense packages updates and patches updates. Another dashboard widget ?
So : upon pfSense installation : advise the user to pick this package ?
Or, don't signal the admin, and install the package without admin consent ?
Humm, maybe not ...Right now, any package is installed with admin consent, as you have to install them 'ones'.
Parches proposed by this package are only mostly 'quality of live' amelioration. But ones in a while they are a must have, as it solves a real issue. Then the question doesn't exist anymore : people will find the forum for support, will find that there is a solution ... a patch, and so on ...
Real issues, like urgent software updates like (example) curl, unbound nginx etc etc (tyhese are not pfSense packages, but FreeBSD packages ! - or FreeBSD updates ported to their pfSense equivalent by Netgate ) are already getting updated using the command line ( SSH or console !! ) option 13.
@LesserBloops : I've got one for you : Auto update check, checks for updates to base system + packages and sends email alerts
"Install" that one also. You maybe not knowing it, but you need it
Btw : you will need to install the Cron pfSense package.This script file tells me, as I receive a mail, if anything has an upgrade waiting. Even pfSense itself.
-