Security 10809 Published by

IPFire 2.29 - Core Update 183 has been released. IPFire is a powerful and professional Open Source firewall solution.



IPFire 2.29 - Core Update 183 released

IPFire 2.29 - Core Update 183 has been released. It's a new major version with a new look, a fresh kernel based on Linux 6.6, a large number of package updates as well as improvements and bug fixes throughout the entire system.

But before we start talking about the changes in detail, we would like to take a moment and ask for your  donation. We put a lot of effort into building and testing this update and could not do any of this without your donation. Please, donate to the project helping us to put more resources to bring you more and better updates. It is very much appreciated by all of us here!

Our Fresh Look

The new look of IPFire is not only coming to our brand new website - it is also coming to IPFire itself. Refreshed with new colors, a fresh font, and many smaller touches to make the web user interface, making IPFire easy to use and allows finding the options that you need at the first glance. On top of this, some smaller usability improvements have been implemented across the web user interface.

A New Kernel

IPFire is now based on Linux 6.6.15. Since the last rebase from 6.1, a lot of new features have arrived in Linux which are now available on IPFire, too. The kernel developers have been very busy improving performance throughout the entire kernel.

Misc.

  • OpenSSL, the central library for cryptography in user space in IPFire, has been updated to version 3.2.1. This update enforces that RSA keys are at least 2048 bits long, which might still be in use on very old installations. This update will re-generate a new set of RSA keys on those systems. It is very unlikely that this key will ever be used as the IPFire web user interface prefers using elliptic curve cryptography with ECDSA.
  • A heap buffer overflow in the syslog function of glibc has been patched ( CVE-2023-6246 CVE-2023-6779 CVE-2023-6780).
  • GRUB, our bootloader, has been updated to version 2.12. There have been various issues being reported with some hardware compatibility and consequently the update has been rolled back in the last update. We are confident that the improvements that have been made address all of these reported problems.
  • The timezone database has been updated to version 2023d
  • Updated packages: BIND 9.16.45, cpio 2.14, fontconfig 2.15.0, GnuTLS 3.8.2, iptables 1.8.10, iputils 20231222, kmod 31, libgcrypt 1.10.3, libhtp 0.5.46, libnl-3 3.9.0, libseccomp 2.5.5, libssh 0.10.6, libxml2 2.12.3, lmdb 0.9.31, lsof 4.99.3, meson 1.3.1, OpenSSH 9.6p1, p11-kit 0.25.3, qpdf 11.7.0, strongSwan 5.9.13, sudo 1.9.15p5, Suricata 6.0.16

Add-Ons

  • Add mympd 13.0.6: a bootstap based webgui to control mpd
  • Updated packages: cifs-utils 7.0, Git 2.43.0, haproxy 2.8.5, htop 3.3.0, iperf3 3.16, libplist 2.3.0, nfs 4.6.4, nqptp 1.2.4, Postfix 3.8.4, Samba 4.19.3, shairport-sync 4.3.2, Tor 0.4.8.10
  • Deprecation of the icinga package: The version that is being shipped is based on the 1.x branch which has reached its EOL in 2018. As there are not enough users to make an upgrade to Icinga 2.x worthwhile, we are now deprecating this package and planning a removal with Core Update 185.

IPFire 2.29 - Core Update 183 released