From: The IPFire Project <ipfire-announce@lists.ipfire.org>
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.19 - Core Update 109 released
Date: Fri, 17 Feb 2017 15:19:09 +0000 [thread overview]
Message-ID: <mailman.172.1487344924.1219.ipfire-announce@lists.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2368 bytes --]
http://www.ipfire.org/news/ipfire-2-19-core-update-109-released
As the first update of the year, we have bundled a number of package updates,
security and bug fixes for you: IPFire 2.19 – Core Update 109
DNS Fixes
The DNS proxy which is working inside IPFire has been updated to unbound 1.6.0
which brings various bug fixes. Therefore, QNAME minimisation and hardening
below NX domains have been re-activated.
At start time, IPFire now also checks if a router in front of IPFire drops DNS
responses which are longer than a certain threshold (some Cisco devices do this
to “harden” DNS). If this is detected, the EDNS buffer size if reduced which
makes unbound fall back to TCP for larger responses. This might slow down DNS
slightly, but keeps it working after all in those misconfigured environments.
Misc.
* openssl has been updated to 1.0.2k which fixes a number of security
vulnerabilities with “moderate” severity
* The kernel is now supporting some newer eMMC modules
* The backup script is now working more reliably on all architectures
* The network scripts that created MACVTAP bridges for virtualisation among
other things now support standard 802.3 bridges, too
* The firewall GUI denied creating subnets which were a subnet of any of the
standard networks which has been fixed
* Matthias Fischer submitted package updates for: bind 9.11.0-P2 with some
security fixes, libpcap 1.8.1, logrotate 3.9.1, perl-GeoIP module 1.25,
snort 2.9.9.0, squid 3.5.24 which fixes various bugs, sysklogd 1.5.1,
zlib 1.2.11
* Furthermore, libpng has been updated to 1.2.57 which fixes some security
vulnerabilities
Add-ons
* Jonatan Schlag packaged Python 3 for IPFire
* He also updated libvirt to version 2.5 and qemu to version 2.8
* Matthias Fischer submitted a number of updates for the following packages:
nano 2.7.2, tcpdump 4.8.1, tmux 2.3
* tor has been updated to 0.2.9.9 which fixes a number of denial-of-service
vulnerabilities
* sarg has been updated to 2.3.10
We are currently crowdfunding a Captive Portal [1] for IPFire and would like you
to ask to check it out and support us!
Please help us to support the work on IPFire Project with your donation [2].
[1] http://wishlist.ipfire.org/wish/the-ipfire-captive-portal
[2] http://www.ipfire.org/donate
reply other threads:[~2017-02-17 15:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mailman.172.1487344924.1219.ipfire-announce@lists.ipfire.org \
--to=ipfire-announce@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox