14 DAY TRIAL // Michael Tremer announced the release of IPFire 2.23 Core Update 134, a new maintenance update to the open-source, hardened, and versatile Linux-based firewall that adds the latest security fixes and component updates.
IPFire 2.23 Core Update 134 is here to address the recently discovered SACK Panic (CVE-2019-11477 and CVE-2019-11478) security vulnerabilities, affecting Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. These are serious flaws and could allow remote attackers to cause a so-called SACK Panic attack (denial of service).
"The Linux kernel was vulnerable for two DoS attacks against its TCP stack. The first one made it possible for a remote attacker to panic the kernel and a second one could trick the system into transmitting very small packets so that a data transfer would have used the whole bandwidth but filled mainly with packet overhead," said Michael Tremer in the release announcement.
Updated components and other improvements
Among other changes include in this update, we can mention that the Captive Portal has been improved to show up after IPFire is restarted, the GCM cipher is now preferred over CBC for TLS connections, underscores are now supported for email addresses entered in the Web UI, and the French translation has been updated, as well as translates for various strings.
Besides patching the latest security vulnerabilities and fixing bugs, this maintenance release also updates various components to their latest versions. These include Bind 9.11.8, Unbound 1.9.2, and Vim 8.1. You can download IPFire 2.23 Core Update 134 right now through our website for new deployments, but existing users should update their installations using the built-in package management system.