14 DAY TRIAL // The IPFire open-source, hardened, and versatile Linux firewall has been updated to version IPFire 2.23 Core Update 132, a maintenance release that patches the latest Intel vulnerabilities and updates core components.
IPFire 2.23 Core Update 132 is more like an emergency release that ships with an updated Linux kernel, version 4.14.120, which is patched against the recently disclosed Intel MDS (Microarchitectural Data Sampling) security vulnerabilities known as RIDL, Fallout, and ZombieLoad, as well as an updated intel-microcode firmware, version 20190514.
"Additionally, to mitigate this bug which cannot be fixed at all, SMT is disabled by default on all affected processors which has significant performance impacts," said Michael Tremer in the release announcement. "Please note, that Intel unfortunately is not releasing microcode for all processors any more and so you might still be vulnerable. To apply the fixes, please reboot your system."
A new GUI was implemented as well in this IPFire release to notify users to which attacks their hardware is vulnerable and if mitigations are applied or not. IPFire 2.23 Core Update 132 also comes with a new graphical interface to allow users to configure VLAN interfaces for zones, as well as to set up a zone in bridge mode.
Updated components, bug fixes
Among other changes included in IPFire 2.23 Core Update 132, we can mention that the Suricata IPS now supports systems with more than 16 CPU cores, GCM mode is now preferred instead of CBC for the web UI to improve its security, OpenVPN has been improved for better security as well, Suricata's log entries are now visible in the system log section, and a cross-site scripting vulnerability was fixed in the Captive Portal.
Updated components included in this release are BIND 9.11.6-P1, dhcpcd 7.2.2, igmpproxy 0.2.1, Knot 2.8.1, libedit 20190324-3.1, TOR 0.4.0.5, and Zabbix 4.2.1. The wireless AP add-on has been updated as well with DFS support, Automatic Channel Selection, and Management Frame Protection. You can download IPFire 2.23 Core Update 132 right now via our free software portal or update your existing installations.