pfSense release 2.1.2 follows less than a week after pfSense release 2.1.1. pfSense 2.1.2 is primarily a security release.
The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:
- CVE-2014-0160 (Heartbleed)
- CVE-2014-0076 (ECDSA Flaw)
Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.
Read the rest of this entry »