@ July 31, 2015

Hello everyone,

This is 15.7.6 due to several security advisories for FreeBSD as well as
OpenSSH and Bind problems.  Reference links are provided for external
issues as always.  More crash reports came in for issues that date back
to as much as a few years long before we started OPNsense.  We are very
happy for the chance to finally flush them out of the code base.

The update requires a reboot.  Here are the full patch notes:

o src: shell injection vulnerability in patch(1)[1]
o src: resource exhaustion in TCP reassembly[2]
o src: OpenSSH multiple vulnerabilities[3]
o ports: phalcon 2.0.6[4], openssh 6.9p1[5], bind 9.10.2P3[6], dnsmasq 2.74[7]
o opnsense-update: can now replace mirror locations
o crash reporter: fixed numerous remotely-submitted warnings and bugs
o universal plug and play: fixed concurrent enable for UPnP and NAT-PMP (contributed by Chong Cheung)
o intrusion detection: reload general settings after download
o intrusion detection: revised rule and ruleset toggle
o firmware: better upgrade reboot detection
o proxy: fix service start when IPv6 was disabled via system settings
o system: revised the VLAN acceleration disable option to properly unset the interface flags


Stay safe,
Your OPNsense team

--
[1] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc
[2] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.asc
[3] https://www.freebsd.org/security/advisories/FreeBSD-SA-15:16.openssh.asc
[4] https://github.com/phalcon/cphalcon/releases/tag/phalcon-v2.0.6
[5] http://www.openssh.com/txt/release-6.9
[6] https://kb.isc.org/article/AA-01280/81/BIND-9.10.2-P3-Release-Notes.html
[7] http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
