This is the official release announcement for IPFire 2.19 – Core Update 104.
This update brings you a new kernel under the hood and a from scratch rewritten Guardian.

Linux 3.14.79

The Linux kernel has been updated to version 3.14.79 and brings you various bug-fixes, stability improvements and supports more hardware.

Guardian

Gurdian is an Intrusion-Prevention-System that is hooked into Snort, the Intrusion Detection System. It reacts on reported events by blocking access for hosts where malicious traffic was detected to originate from. That enables IPFire to be a dynamic firewall and block any abuse or other unwanted behaviour automatically.

Since the old implementation was quite old and rather limited, Stefan Schantl started a complete rewrite which is faster, more efficient in resource usage and of course more reliable.

If you want to use Gurdian, you will have to install the guardian add-on package.

This Core Update updates Snort to version 2.9.8.2.

Misc

  • The IPFire web user interface is hardened against a potential environment variable injection attacked known under the name HTTPoxy. This was never possible to exploit in IPFire.
  • Dynamic DNS Updater
    • Add support for DuckDNS
    • Update URL for spdyn
  • OpenSSH has been updated to 7.3p1 which fixes various security issues
  • Updated packages: shadow 4.2.1, libarchive 3.2.1, libcap 2.25, acl 2.2.52, iputils s20160308, curl 7.49.1, popt 1.16, pcre 8.39, acpid 2.0.26, which 2.21, libtiff 4.0.6, ntp 4.2.8p8, wget 1.18
  • Correction of wrong spelled unit “bit”

Add-ons

Updated

  • htop 2.0.2
  • nano 2.6.1
  • nginx 1.8.1
  • p7zip fixes CVE-2016-2334, CVE-2016-2335

New packages

  • Indepently from this Core Update, libvirt has been released as a new add-on. Read all about it on its IPFire Planet post.
  • freeradius, console configuration only


A note to all testers: Please reinstall the final update if you have not installed it from the testing tree within the last few days. During the time of testing this update, the image has been changed and additional bugs have been fixed.


We are currently crowdfunding a Captive Portal for IPFire and would like you to ask to check it out and support us!


Please help us to support the work on IPFire Project with your donation.



Published by Michael Tremer, September 20, 2016 at 6:42 pm