* IPFire 2.17 - Core Update 96 released
@ 2016-01-20 23:12 The IPFire Project
0 siblings, 0 replies; only message in thread
From: The IPFire Project @ 2016-01-20 23:12 UTC (permalink / raw)
To: ipfire-announce
[-- Attachment #1: Type: text/plain, Size: 3240 bytes --]
http://www.ipfire.org/news/ipfire-2-17-core-update-96-released
This is the official release announcement for IPFire 2.17 – Core Update
96. This update comes with many smaller changes and security fixes.
Ramdisk usage change
IPFire uses round-robin databases to collect system data and generate
beautiful graphs. The databases have usually been kept in memory. This
change was made in early versions of IPFire to keep the amount of
writes to the block device to a minimum. However, the number of the
databases has been growing and many systems don’t have enough capacity
in memory. The objective was also that ordinary flash storage is quite
slow. These systems are now however less commonly used which makes this
change unnecessary.
To give an example, many of the ALIX boards use very slow compact flash
storage and do only have 256 or even 128 MB of memory. So neither is
really an option. Systems you will purchase today usually come with
fast SSD storage and a few gigabytes of memory. So both is a viable
option to store these databases.
New installed IPFire systems will now only use the persistent storage
to store these database files. All updates systems will stick with the
old behaviour if they have about 512 MB of RAM or more. Otherwise
upgraded systems will also fall back to the persistent storage.
Misc
* openssl has been updated to version 1.0.2e which fixes various
security vulnerabilities: CVE-2015-3193, CVE-2015-3194,
CVE-2015-3195, CVE-2015-3196
* The NTP service was unable to communicate with the local clock and
therefore not able to provide time to the network.
* strongswan is updated to version 5.3.5 which fixes various security
issues
* The connection list in the web user interface when IPsec subnets
with multiple local or remote subnets are used.
* The firewall engine handles SNAT rules more restrictive and avoids
overmatching of packages that are sent over an IPsec network
* Various patches to improve dnsmasq have been imported from upstream
* curl wasn’t able to validate publicly signed SSL certificates
because it could not find the certificate store. This is now fixed.
* dma, the internal mail agent, now handles authentication against
remote mail servers better due to a patch sent to the project by the
IPFire developers
* Support for cryptodev has been dropped
* mdadm has been updated to version 3.3.4, arping has been updated to
version 2.15, rrdtool has been updated to version 1.5.5,
libnet 1.1.6 is now shipped with the core distribution
* On x86-based systems, GRUB, the bootloader, has been patched against
an integer overflow vulnerability filed under CVE-2015-8370 which
allowed users to bypass authentication after pressing backspace for
28 times
* Snort now also monitors alias address on red if any have been
configured
* The Turkish translation has been updated
Updated add-ons
* nano has been updated to 2.5.0
* Midnight Commander has been updated to 4.8.15
* clamav has been updated to version 0.99
* openvmtools have been updated to version 10.0.5
* squid-accounting has received minor bug fixes
* tripwire has been dropped
Please support the IPFire project and don't forget to donate:
http://www.ipfire.org/donate
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-01-20 23:12 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-20 23:12 IPFire 2.17 - Core Update 96 released The IPFire Project
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox