From mboxrd@z Thu Jan 1 00:00:00 1970 From: The IPFire Project To: ipfire-announce@lists.ipfire.org Subject: IPFire 2.23 - Core Update 134 released Date: Wed, 03 Jul 2019 10:35:58 +0100 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0794610797174984019==" List-Id: --===============0794610797174984019== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable https://blog.ipfire.org/post/ipfire-2-23-core-update-134-released This is the official release announcement for IPFire 2.23 - Core Update 134. = This update ships security fixes in the Linux kernel for the "SACK Panic" att= ack as well as some other smaller fixes. SACK Panic (CVE-2019-11477 & CVE-2019-11478) The Linux kernel was vulnerable for two DoS attacks against its TCP stack. Th= e first one made it possible for a remote attacker to panic the kernel and a = second one could trick the system into transmitting very small packets so tha= t a data transfer would have used the whole bandwidth but filled mainly with = packet overhead. The IPFire kernel is now based on Linux 4.14.129, which fixes this vulnerabil= ity and fixes various other bugs. The microcode for some Intel processors has also been updated and includes fi= xes for some vulnerabilities of the Spectre/Meltdown class for some Intel Xeo= n processors. Misc. =E2=80=A2 Package updates: bind 9.11.8, unbound 1.9.2, vim 8.1 =E2=80=A2 The French translation has been updated by St=C3=A9phane Pautrel an= d translates various strings as well as improving some others =E2=80=A2 We now prefer other cipher modes over CBC when IPFire itself opens = a TLS connection. CBC is now considered to be substantially weaker than GCM. =E2=80=A2 Email addresses entered in the web UI can now contain underscores. =E2=80=A2 The Captive Portal now comes up properly after IPFire is being rebo= oted. --===============0794610797174984019==--