From mboxrd@z Thu Jan 1 00:00:00 1970 From: The IPFire Project To: ipfire-announce@lists.ipfire.org Subject: IPFire 2.15 - Core Update 84 released Date: Thu, 16 Oct 2014 11:36:15 +0200 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6712597629354461600==" List-Id: --===============6712597629354461600== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit http://www.ipfire.org/news/ipfire-2-15-core-update-84-released This is the official release announcement for IPFire 2.15 – Core Update 84. This is a release that fixes some security issues in the GNU bash package which are commonly known as "Shellshock" and comes with more fixes and minor feature enhancements. GNU bash fixes As you may have already seen on the news, the Shellshock issues made more people look into the code of the default shell of many *nix systems. Those people found many more programming errors and provided fixes for them which have been applied in this release. IPFire is now shipping GNU bash 4.3.30 and the companion library readline in version 6.3. squid web proxy There have been some Denial-of-Service issues in the squid web proxy which have been fixed in release 3.4.8. Those are of minor severity only and quite possibly cannot be exploited to inject code. Firewall changes The firewall got a couple of new features which I explained in detail in a post on the IPFire planet [1]. Both enhance the firewall to better protect hosted services from Denial-of-Service attacks and similar things by limiting the number of new connections that can be opened within a certain span of time or by limiting the overall number of open connections by a host on the Internet. Using NAT for rules where the source and destination is in the same subnet is now possible. Some code has been cleaned up and made more robust. The firewall.local script will now also be reloaded when settings of the firewall are changed on the web user interface. P2P block The P2P block feature of the firewall has not been very effective for many protocols. The detection has now been improved and blocking unwanted P2P protocols from your network works now much better but will result in a bit more load. DNS Proxy dnsmasq, the DNS proxy working inside of IPFire, has been updated to version 2.72 which includes some stability fixes and fixes some of the crashes some IPFire users have been experiencing especially in conjunction with (faulty) DNSSEC-enabled DNS recursors on the Internet. Misc * Applying static routes at boot has been improved, as sometimes not all routes were correctly applied. * URL-Filter * The "safe search" feature has been fixed for Google News and been introduced for Bing Search as well. * Blocking downloads of files by extension has been improved, too. * Some spelling fixes for the English language throughout the whole web interface. * parted has been updated to version 3.1. Please support the IPFire project with your donation [2]. Your help is a foundation of this project and very much appreciated by all contributors. [1] http://planet.ipfire.org/post/two-new-features-for-the-ipfire-firewall [2] http://www.ipfire.org/donate --===============6712597629354461600== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjIKCmlRSWNCQUFC Q2dBR0JRSlVQNUdQQUFvSkVJQjU4UDl2a0FrSFFiWVAvMFZHelZMeGQ5OU93N3I4cXJDbVFnK2EK RUg5UXZzUnlwQmdHWHlqZFl6bXBTRVlhaFBOOFozaFI1Q3FXakMxM0JGYThIdE9qTkFxYWxWUGJk R2VtVjhBRgpQenVmaHFkSU0xYjBYaTZsYmxMajg0VHFWT1B4akFIREZCeVZZb2Mza0pNeG5oWjVp akdTcCtneDdyd3ZReUZZCjI1K3lid3FKTVJWYUdXRmxqL3pPdm9KQnVCckhRbVhpSGRkclBrR3Vr RmVJQ21OdHJyMjBRQTdKRVZBSUFuZWkKMDg3UkpjYVVRbU4zbDJ0enZCeThBbXVLSUdpWWtDV0g4 VmRsZkhpMkoydXg4c2dZcjh4eGNYYTFIT1ZyQTdULwpTZ0RydUgwaWZmYmxjNml1N1JOZlY1WkU2 Sjl2QXliTnlGb1J3b0Zzbyt3T1YvTmlhYnVDamdaQmwrQWdJSHozCmpPNTZ5SWdBdUwva1ZVenpn ZFpUUXNWZUZWcjFOWmFiZGUxQ0l0OWZFZVRqaDYyTkhBRmNKY0lmN2ZaMGFUL2gKSVk5a2tXVlNs bXNIRGRLQnpmYzg4by9iZWt4ZmQ4alBrY1NJdHdjTk4zYzA1WlhTVzNzc25IcGF1QWZXQWVvOQpS SGV6b0J4Tks0U0JwNUN1S1lPRHljM0RXVmllRkx6MmZGZnErV1A2bUhDOFlHRkl2Rld5eWtpY0JB OHlqU2ZZCjJKZmlReGl4bTJPU20vMGpmM3JGUEJueEZWbFRrNzd3MWFwUC8xK1BsRllVL1hxTlV1 czM2ZnZiV3BjaXVwa0IKTmF1NnZ6TDBZdmFXM0k1a0tZSXVhWUtNeEI1enRhd01xWjN6cWhuZ29y MG9wanlGTFNBd2w1V25hVEZqaWxGUQpIenlWcWxES2UxQnVSdSs0NlNESAo9S3NoRwotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============6712597629354461600==--