pfSense 2.2.1 is a security and bug-fix update of the project's FreeBSD-based specialist operating system for firewalls and router. Security fixes: pfSense-SA-15_02.igmp - integer overflow in IGMP protocol; pfSense-SA-15_03.webgui - multiple XSS vulnerabilities in the pfSense WebGUI; pfSense-SA-15_04.webgui - arbitrary file deletion vulnerability in the pfSense WebGUI; FreeBSD-EN-15:01.vt - vt(4) crash with improper ioctl parameters; FreeBSD-EN-15:02.openssl - update to include reliability fixes from OpenSSL. A note on the OpenSSL 'FREAK' vulnerability: does not affect the web server configuration on the firewall as it does not have export ciphers enabled. pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability. If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected.
About pfSense
pfSense is a m0n0wall-derived operating system. It uses Packet Filter, FreeBSD 6.x (or DragonFly BSD when ALTQ and CARP is finished), ALTQ for excellent packet queuing, and an integrated package management system for extending the environment with new features.