IPFire 2.19 - Core Update 104 is available for testing

by Michael Tremer, August 10, 2016

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

Update:
The update was rebuild with kernel 3.14.79 because there are some network and filesystem fixes.
If you have installed core104 before 14.Sep you should set /opt/pakfire/db/core/mine back to 103 and reinstall the update.

—-

Finally, we uploaded IPFire 2.19 – Core Update 104 to the testing tree which makes it available for all the testers out there who want to help making this another bug-free update for IPFire.

This update brings you a new kernel under the hood and a from scratch rewritten Guardian.

Linux 3.14.74

The Linux kernel has been updated to version 3.14.74 and brings you various bug-fixes, stability improvements and supports more hardware.

Guardian

Gurdian is an Intrusion-Prevention-System that is hooked into SNORT, the Intrusion Detection System. It reacts on reported events by blocking access for hosts where malicious traffic was detected to originate from. That enables IPFire to be a dynamic firewall and block any abuse or other unwanted behaviour automatically.

Since the old implementation was quite old and rather limited, Stefan Schantl started a complete rewrite which is faster, more efficient in resource usage and of course more reliable.

If you want to use Gurdian, you will have to install the guardian add-on package.

This Core Update updates SNORT to version 2.9.8.2.

Misc

  • The IPFire web user interface is hardened against a potential environment variable injection attacked known under the name HTTPoxy. This was never possible to exploit in IPFire.
  • Dynamic DNS Updater
    • Add support for DuckDNS
    • Update URL for spdyn
  • OpenSSH has been updated to 7.3p1 which fixes various security issues
  • Updated packages: shadow 4.2.1, libarchive 3.2.1, libcap 2.25, acl 2.2.52, iputils s20160308, curl 7.49.1, popt 1.16, pcre 8.39, acpid 2.0.26, which 2.21, libtiff 4.0.6, ntp 4.2.8p8, wget 1.18
  • Correction of wrong spelled unit “bit”

Add-ons

Updated

  • htop 2.0.2
  • nano 2.6.1
  • nginx 1.8.1
  • p7zip fixes CVE-2016-2334, CVE-2016-2335

New packages

  • freeradius, console configuration only


As always, we would like to ask all users to participate in testing which will highly improve the quality of this update. Please report any bugs to our bug tracker and provide any feedback on our development mailing list.