Michael Tremer

IPFire 2.19 - Core Update 105 is available for testing
by Michael Tremer, Friday

With the last Core Update just being released a few days ago, it is time for the next one already. IPFire 2.19 – Core Update 105 patches a number of security issues in two cryptographic libraries: openssl and libgcrypt.

OpenSSL Security Fixes

IPFire is now shipping openssl in version 1.0.2i which patches all of the above security vulnerabilities.

libgcrypt Security Flaws

Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt’s random number generator: an attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug has existed since 1998 in all GnuPG and Libgcrypt versions and is filed under CVE-2016-6316.


As always, we would like to encourage you to help us test this release, and we would like to roll it out to everyone as soon as possible.

Jonatan Schlag

Feature Spotlight: Libvirt
by Jonatan Schlag, September 18

Since 2011, we have shipped qemu as a package, which makes it possible to virtualise another system on IPFire. This was very hard to use because there was no really nice way to create new machines and to administrate them. Until now! After a lot of work and testing, I am happy to announce that libvirt is now available as a package for IPFire.

What is libvirt?

Libvirt is a library that makes it very easy to administrate and control virtual machines that are virtualised with qemu. It takes care of everything that is needed to control your VM: storage images, the network, the start and stop of the VMs, everything!

So what is the difference for IPFire users?

But there is also one huge issue with virtualization on IPFire:

Security

With every VM and every service inside a VM, the number of possibilities to attack and compromise your server grows. It is not impossible that somebody breaks out of the VM and damages your network, so be careful what you do. This should not make you scared, but you should know the risk.

We did our best to make the use of qemu and libvirt as safe as possible, but nothing can substitute a careful user. Of course this is an add-on as usual. So everyone can make the decision whether to use it or not on their own based on their risk evaluation which depends on the environment the IPFire system is running in. Of course a VM is cheaper to run than a second physical machine and sometimes you need an extra machine for testing and development; so there are good arguments on both sides.

How to get started?

If you now want to try out libvirt and qemu there are some things you should pay attention to:

And now, have fun with this great new feature!

Greetings Jonatan.

Arne Fitzenreiter

core104 testers: reinstall core104
by Arne Fitzenreiter, September 14

We have rebuilt core104 with Linux kernel 3.14.79 because there are some critical network and filesystem fixes.
If you have installed core104 before 14 Sep, set /opt/pakfire/db/core/mine back to 103 and reinstall the update.

Michael Tremer

IPFire 2.19 - Core Update 104 is available for testing
by Michael Tremer, August 10

Update:
The update was rebuilt with kernel 3.14.79 because there are some network and filesystem fixes.
If you have installed core104 before 14 Sep, you should set /opt/pakfire/db/core/mine back to 103 and reinstall the update.

---

Finally, we have uploaded IPFire 2.19 – Core Update 104 to the testing tree, which makes it available for all the testers out there who want to help make this another bug-free update for IPFire.

This update brings you a new kernel under the hood and a Guardian that has been rewritten from scratch.

Linux 3.14.74

The Linux kernel has been updated to version 3.14.74, which brings you various bug fixes, stability improvements and support for more hardware.

Guardian

Guardian is an Intrusion Prevention System that is hooked into SNORT, the Intrusion Detection System. It reacts to reported events by blocking access for the hosts from which malicious traffic was detected to originate. That enables IPFire to act as a dynamic firewall and block any abuse or other unwanted behaviour automatically.

Since the old implementation was quite old and rather limited, Stefan Schantl started a complete rewrite which is faster, more efficient in resource usage and of course more reliable.

If you want to use Guardian, you will have to install the guardian add-on package.

This Core Update updates SNORT to version 2.9.8.2.

Misc

Add-ons

Updated

New packages


As always, we would like to ask all users to participate in testing which will highly improve the quality of this update. Please report any bugs to our bug tracker and provide any feedback on our development mailing list.
