This is the release announcement for IPFire 2.27 - Core Update 166. It fixes the recently introduced backup issue and patches a security vulnerability in zlib.
zlib memory corruption on DEFLATE
CVE-2018-25032 has been assigned to an issue that allowed an attacker with some chosen content to crash the compressor. We do not believe that this is exploitable in IPFire.
We urge everyone to install this update as soon as possible and if you enjoy using IPFire, please donate.