On Nov 30, 2007 3:14 AM, Linus Nordberg <[EMAIL PROTECTED]> wrote:
> Hi,
>
> How are security issues in "upstream" software like the FreeBSD kernel
> handled by the pfSense project? In the particular case of

If we determine there is a security issue in upstream software that impacts pfSense we'll roll a new point release. In the case of FreeBSD-SA-07:09.random, this isn't considered a critical issue. 1.2 release and any snapshots built after 2007-11-29 16:07:30 UTC will include the fix. Note that the advisory mentions that an attack would likely require local (i.e. an account ON the system) access to exploit and this is not a remote root or security bypass attack per se.

> FreeBSD-SA-07:09.random, I have two questions:
>
> - What parts of pfSense are affected by the bug? I realize that this
> might be a big question.

Potentially openssl library (openvpn, openssh, https access to mgmt interface), ipsec vpn.

> - How should I do to get it fixed? I'm running the embedded image.

Upgrade to latest snapshot if you are really concerned. Else wait until 1.2 is released.

> I can see that rolling my own image would do it. Last time I looked
> that didn't look exactly like a walk in the park though. Any pointers
> to info about it are appreciated.

It's not ;) The developers wiki and forum are your best resources for working through your own build.

> I could use a snapshot, like
> http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/embedded/pfSense.img.gz,
> but how can I know if it includes some particular fix?

In this case, ask? Look at our cvstrac timeline and see if we committed a specific fix. Generically, our build server cranks out a new image every couple hours (remember that it has to build each platform individually and it takes about an hour per platform), so within a few hours of a specific commit, or upstream commit to FreeBSD, we'll pick it up in the snapshots.

--Bill