From mboxrd@z Thu Jan 1 00:00:00 1970 From: The IPFire Project To: ipfire-announce@lists.ipfire.org Subject: IPFire 2.23 - Core Update 139 released Date: Thu, 09 Jan 2020 10:30:08 +0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2475011264214473561==" List-Id: --===============2475011264214473561== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable https://blog.ipfire.org/post/ipfire-2-23-core-update-139-released ATTENTION! You are receiving this email because you are subscribed to our ann= ouncement mailing list. This list is going to be shut down soon. To keep rece= iving important announcements like this one, please sign up at https://people= .ipfire.org/register, if you did not already do so. It is time for the first release of the year, IPFire 2.23 - Core Update 139. = It is packed with improvements, software updates, and many many bug fixes. Improved Booting & Reconnecting Dialup scripts have been cleaned up to avoid any unnecessary delays after the= system has been handed a DHCP lease from the Internet Service Provider. This= allows the system to reconnect quicker after loss of the Internet connection= and booting up and connecting to the Internet is quicker, too. Improvements to the Intrusion Prevention System Various smaller bug fixes have been applied in this Core Update which makes o= ur IPS a little bit better with every release. To take advantage of deeper an= alysis of DNS packets, the IPS is now informed about which DNS servers are be= ing used by the system.=20 TLS IPFire is configured as securely as possible. At the same time we focus on pe= rformance, too. For connections to the web user interface, we do not allow us= ing CBC any more. This cipher mode is begin to crack and the more robust GCM = is available. Whenever an SSL/TLS connection is being established to the firewall, we used = to prefer ChaCha20/Poly1305 as a cipher. Since AESNI is becoming and more and= more popular even on smaller hardware, it makes sense to prefer AES. A vast = majority of client systems support this as well which will allow to communica= te faster with IPFire systems and save battery power. Misc. =E2=80=A2 The microcode for Intel processors has been updated again to mitiga= te vulnerabilities from the last Core Update [1] =E2=80=A2 PC Engines APU LEDs are now controlled using the ACPI subsystem whi= ch is made possible using the latest BIOS version 4.10.0.3 =E2=80=A2 Captive Portal: Expired clients are now automatically removed =E2=80=A2 Dynamic DNS: Support for NoIP.com has been fixed in ddns 12 =E2=80=A2 Updated packages: Python 2.7.17, bash 5.0, bind 9.11.13, cpio 2.13,= libarchive 3.4.0, logwatch7.5.2, lz4 1.9.2, openvpn 2.4.8, openssh 8.1p1, re= adline 8.0 (and compat version 6.3), squid 4.9, unbound 1.9.5 Add-Ons =E2=80=A2 clamav has been updated to 0.102.1 which include various security f= ixes =E2=80=A2 libvirt has been updated to version 5.6.0 for various bug fixes or = feature enhancements and support for LVM has been enabled. =E2=80=A2 qemu has been updated to 4.1.0 =E2=80=A2 Various others: nano 4.6, postfix 3.4.8, spectre-meltdown-checker 0= .42 [1] https://blog.ipfire.org/post/ipfire-2-23-core-update-138-released --===============2475011264214473561==--