IPFire 2.27 - Core Update 181 is available for testing
It is time to test the latest version of IPFire: It comes with a large number of security updates in OpenSSL, Suricata, Apache & Samba as well as a number of kernel fixes.
Under The Hood
This update features yet another kernel update based on Linux 6.1.61. It brings various security & stability fixes as well as improving IOMMU handling on ARM. To improve security, we have followed Google and disabled io_uring for the time being as it seems to have a lot of security issues.
We have also switched from eudev to the upstream udev which is now part of systemd as eudev is no longer maintained and was lagging behind upstream.
Security Updates
- OpenSSL 3.1.4: The OpenSSL project announced a security vulnerability ( CVE-2023-5363)
- suricata 6.0.15: This update patches a potential denial-of-service vulnerability in the MIME decoder
- Apache 2.4.58 patches a number of security issues in the HTTP/2.0 engine ( CVE-2023-45802, CVE-2023-43622 & CVE-2023-31122)
- Samba 4.19.2: Various security issues have been fixed which could be exploited to cause data loss and elevate privileges ( CVE-2023-3961, CVE-2023-4091, CVE-2023-4154, CVE-2023-42669 & CVE-2023-42670)
Misc.
- A long standing issue in OpenVPN has been fixed where the web UI offered to download a configuration package in an incorrect format when no password was configured ( #11048)
- Other package updates: lynis 3.0.9, Postfix 3.8.2, sysvinit 3.08, Tor 0.4.8.7, Zabbix Agent 6.0.22
Michael Tremer has announced the availability of IPFire 2.27 - Core Update 181 for testing. IPFire is a powerful and professional Open Source firewall solution.