pfSense® software release 2.1.2 follows less than a week after pfSense release 2.1.1. pfSense 2.1.2 is primarily a security release.
Security Fixes
The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:
- pfSense-SA-14_04.openssl
- FreeBSD-SA-14:06.openssl
- CVE-2014-0160 (Heartbleed)
- CVE-2014-0076 (ECDSA Flaw)
Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.
Other Fixes
- On packages that use row_helper, when the user clicks an add or delete button, the page scrolls to the top. #3569
- Correct a typo in a function name in Captive Portal bandwidth allocation.
- Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale or invalid, and there is still a running instance.
- Fix for CRL editing. Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric. #3591
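The CRL editing fix above, sketched as an added PHP example (not pfSense source code): a digits-only test rejects IDs shaped like uniqid() output, while an alphanumeric test accepts them and still rejects punctuation, empty values and non-string input. The function names are hypothetical, and numeric_only() is an assumed stand-in for a digits-only check.

```php
<?php
// Added illustration, not pfSense source code. All function names here are
// hypothetical; numeric_only() stands in for a digits-only test.

// Digits-only test: true only for a non-empty string of 0-9.
function numeric_only($arg) {
    return is_string($arg) && preg_match('/^[0-9]+$/', $arg) === 1;
}

// Before the fix: the CRL ID had to be purely numeric.
function crl_id_ok_before($id) {
    return numeric_only($id);
}

// After the fix: the CRL ID has to be alphanumeric.
// ctype_alnum() returns false for the empty string.
function crl_id_ok_after($id) {
    return is_string($id) && ctype_alnum($id);
}

// Constructed sample IDs, plus one real uniqid() value.
$samples = array(
    uniqid(),              // 13 hex characters, usually including a-f
    '5346d2c1a9f3e',       // shaped like uniqid() output
    '1397345985',          // digits only
    '5346d2c1a9f3e/..',    // path characters
    "5346d2c1a9f3e' --",   // quote and whitespace
    '',                    // empty
    array('5346d2c1a9f3e') // array from a request such as id[]=...
);

foreach ($samples as $id) {
    printf(
        "%-24s before=%-6s after=%s\n",
        json_encode($id, JSON_UNESCAPED_SLASHES),
        crl_id_ok_before($id) ? 'accept' : 'reject',
        crl_id_ok_after($id) ? 'accept' : 'reject'
    );
}
```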
You will want to perform a full security audit of your pfSense installations: renew any passwords, generate or install new certificates, place the old certificates on a CRL, etc.
Note for AutoConfigBackup users: If you're not already on the most recent AutoConfigBackup package version, make sure you upgrade it under System > Packages before upgrading to 2.1.2.