IPFire 2.19 - Core Update 101 released

The IPFire Project ipfire-announce at lists.ipfire.org
Mon May 2 22:54:20 CEST 2016


http://www.ipfire.org/news/ipfire-2-19-core-update-101-released

This is the official release announcement for IPFire 2.19 – Core Update 101.

This update contains various security fixes and bug fixes. These are the changes
in detail:


Cross-Site-Scripting Vulnerability and Remote Code Execution in the IPFire Web
User Interface

Yann Cam, an independent security researcher, discovered [1] to vulnerabilities
in the IPFire Web User interface that could be used in some circumstances. In
the ipinfo.cgi file, a cross-site scripting attack could be executed on logged
in users and in two more CGI files (proxy.cgi and chpasswd.cgi), a remote code
execution vulnerability was found which allowed attackers to use the
aforementioned cross-site scripting attack to execute shell commands as an
unprivileged user on the IPFire system.

These attacks are only possible to perform on an admin’s computer and only in
that instance when the administrator is logged in to the web user interface. Of
course we recommend to install this update as soon as possible to close these
vulnerabilities.

We would like to thank Yann to look closely at the IPFire code and help us to
improve it and we would like to invite everyone who wants to do so as well and
report any bugs or security vulnerabilities that they may find.


Security Fixes in other packages

The web proxy squid was patched against a vulnerability filed under CVE-2016-
3947 that cannot be exploited in IPFire.


Connection Tracking Issues

On many systems, some protocols that require special care by the connection
tracking implementation failed to traverse NAT. These include FTP, SIP and PPTP
and where unfortunately not discovered in the testing phase of Core Update 100
before.

Those connection tracking helpers are now enabled by default on all migrated
systems.


Misc.

* installer: A bug on x86_64 systems let the EXT4 filesystem creation fail if a
  previous XFS filesystem was installed on the target partition before.
* dmidecode was added on x86. A tool to read information from the BIOS.
* Fix 40 MHz channel bandwidth usage in some Atheros WiFi modules (ath9k).
* Fix miscompiled 802.11 stack in the Raspberry Pi kernel.
* Updated packages: bind utils 9.10.3-P4, dma 0.11, e2fsprogs 1.42.13, gmp
  6.0.1, grep 2.23, libxml2 2.9.3, mpfr 3.1.3, nettle 3.2, patch 2.7.5, paxctl
  0.9, pciutils 3.4.1, pkg-config 0.29, pcre 8.38, texinfo 5.2


Add-ons

New packages: iperf3, mcelog


Updated packages

Please note the recent security updates in the samba package [2].

* asterisk 11.21.1 (including libsrtp 1.5.4)
* bwm-ng 0.6.1
* clamav 0.99.1
* git 2.7.4
* htop 2.0.1
* lcdproc 0.5.7
* nano 2.5.3

We are currently crowdfunding a Captive Portal for IPFire [3] and would like you
to ask to check it out and support us!

Please help us to sustain the work on IPFire Project with your donation [4].

[1] https://bugzilla.ipfire.org/show_bug.cgi?id=11087
[2] http://planet.ipfire.org/post/samba-3-6-25-61-badlock-patch-in-testing
[3] http://wishlist.ipfire.org/wish/the-ipfire-captive-portal
[4] http://www.ipfire.org/donate


More information about the IPFire-Announce mailing list