* IPFire 2.15 - Core Update 84 released
@ 2014-10-16 9:36 The IPFire Project
0 siblings, 0 replies; only message in thread
From: The IPFire Project @ 2014-10-16 9:36 UTC (permalink / raw)
To: ipfire-announce
[-- Attachment #1: Type: text/plain, Size: 2800 bytes --]
http://www.ipfire.org/news/ipfire-2-15-core-update-84-released
This is the official release announcement for IPFire 2.15 – Core Update
84. This is a release that fixes some security issues in the GNU bash
package which are commonly known as "Shellshock" and comes with more
fixes and minor feature enhancements.
GNU bash fixes
As you may have already seen on the news, the Shellshock issues made
more people look into the code of the default shell of many *nix
systems. Those people found many more programming errors and provided
fixes for them which have been applied in this release. IPFire is now
shipping GNU bash 4.3.30 and the companion library readline in version
6.3.
squid web proxy
There have been some Denial-of-Service issues in the squid web proxy
which have been fixed in release 3.4.8. Those are of minor severity only
and quite possibly cannot be exploited to inject code.
Firewall changes
The firewall got a couple of new features which I explained in detail in
a post on the IPFire planet [1]. Both enhance the firewall to better
protect hosted services from Denial-of-Service attacks and similar
things by limiting the number of new connections that can be opened
within a certain span of time or by limiting the overall number of open
connections by a host on the Internet.
Using NAT for rules where the source and destination is in the same
subnet is now possible. Some code has been cleaned up and made more
robust. The firewall.local script will now also be reloaded when
settings of the firewall are changed on the web user interface.
P2P block
The P2P block feature of the firewall has not been very effective for
many protocols. The detection has now been improved and blocking
unwanted P2P protocols from your network works now much better but will
result in a bit more load.
DNS Proxy
dnsmasq, the DNS proxy working inside of IPFire, has been updated to
version 2.72 which includes some stability fixes and fixes some of the
crashes some IPFire users have been experiencing especially in
conjunction with (faulty) DNSSEC-enabled DNS recursors on the Internet.
Misc
* Applying static routes at boot has been improved, as sometimes not all
routes were correctly applied.
* URL-Filter
* The "safe search" feature has been fixed for Google News and been
introduced for Bing Search as well.
* Blocking downloads of files by extension has been improved, too.
* Some spelling fixes for the English language throughout the whole
web interface.
* parted has been updated to version 3.1.
Please support the IPFire project with your donation [2]. Your help is a
foundation of this project and very much appreciated by all
contributors.
[1] http://planet.ipfire.org/post/two-new-features-for-the-ipfire-firewall
[2] http://www.ipfire.org/donate
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-10-16 9:36 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-10-16 9:36 IPFire 2.15 - Core Update 84 released The IPFire Project
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox