IPFire 2.19 - Core Update 109 is available for testing

by Michael Tremer, February 4, 2017

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

The next Core Update with number 109 has been released for testing. It comes with a number of package updates which include security fixes and bug fixes all across the place.

DNS Fixes

The DNS proxy which is working inside IPFire has been updated to unbound 1.6.0 which brings various bug fixes. Therefore, QNAME minimisation and hardening below NX domains have been re-activated.

At start time, IPFire now also checks if a router in front of IPFire drops DNS responses which are longer than a certain threshold (some Cisco devices do this to “harden” DNS). If this is detected, the EDNS buffer size if reduced which makes unbound fall back to TCP for larger responses. This might slow down DNS slightly, but keeps it working after all in those misconfigured environments.

Misc.

  • openssl has been updated to 1.0.2k which fixes a number of security vulnerabilities with “moderate” severity
  • The kernel is now supporting some newer eMMC modules
  • The backup script is now working more reliably on all architectures
  • The network scripts that created MACVTAP bridges for virtualisation among other things now support standard 802.3 bridges, too
  • The firewall GUI denied creating subnets which were a subnet of any of the standard networks which has been fixed
  • Matthias Fischer submitted package updates for: bind 9.11.0-P2 with some security fixes, libpcap 1.8.1, logrotate 3.9.1, perl-GeoIP module 1.25, snort 2.9.9.0, squid 3.5.24 which fixes various bugs, sysklogd 1.5.1, zlib 1.2.11
  • Furthermore, libpng has been updated to 1.2.57 which fixes some security vulnerabilities

Add-ons

  • Jonatan Schlag packaged Python 3 for IPFire
  • He also updated libvirt to version 2.5 and qemu to version 2.8
  • Matthias Fischer submitted a number of updates for the following packages: nano 2.7.2, tcpdump 4.8.1, tmux 2.3
  • tor has been updated to 0.2.9.9 which fixes a number of denial-of-service vulnerabilities
  • sarg has been updated to 2.3.10


As always, we would like to ask all users to participate in testing which will highly improve the quality of this update.

Please report any bugs to our bug tracker and provide any feedback on our development mailing list.