Since the new pkg system in pfSense® software enables us to update pieces of the system individually, rather than the monolithic updates of the past, we have released a patch that fixes the NTP CVEs covered by FreeBSD SA 16:16.ntp. Updating ntpd from 4.2.8p6 to 4.2.8p7 is the only change.

This update appears as 2.3_1, for update 1. This should not be confused with 2.3.1, which is a full maintenance release coming soon. 2.3_1 is only available for those already running 2.3 release.

Note for this update, your version number will remain the same afterwards, still showing as 2.3-RELEASE.

This update does not trigger a reboot. The NTP service needs to be manually restarted under Status>Services afterwards.

pfSense CE software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub:


Downloads for New Installs

Using the automatic update process is typically easier than reinstalling to upgrade. See the Upgrade Guide page for details.

Supporting the Project

Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.

  • Official appliances direct from Netgate. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
  • Commercial Support – Purchasing support from us provides you with direct access to Netgate Global Support.
  • Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.