This is the official release announcement for IPFire 2.17 – Core Update 94 which is a release with smaller security fixes and a maintenance release in general.
OpenSSH was updated to version 7.1p1. With that we added support for elliptic curves (ECDSA and ED25519) and removed support for DSA which is considered broken. Too small RSA keys are removed as well and regenerated. These changes may require to import the keys of the IPFire system on your admin computer again.
An internal mail agent was added that is used by internal services to send out reports or alerts. So far only a few services use this (like the squid accounting add-on), but we expect to add more things in the future.
This is a very simple and lightweight mail agent that can be configured on the web user interface and will usually require an upstream mail server.
A new checkbox in the advanced settings page of an IPsec connections has been added. It allows to force using MOBIKE, a technology for IPsec to traverse NAT better. Sometimes when behind faulty routers, IPsec connections can be established, but no data can be transferred and the connection breaks very quickly (some routers have difficulties with forwarding DPD packets). MOBIKE circumvents that by using UDP port 4500 for IKE messages.
bind 9.10.2-P4, coreutils 8.24, dnsmasq got the latest changes imported, file 5.24, glibc (security fixes), hdparm 9.48, iproute2 4.2.0, libgcrypt 1.6.4, libgpg-error 1.20, pcre (fixes for more buffer overflows), rrdtool 1.5.4, squid 3.4.14
This update does not require a reboot, though it is recommended.
Please help us to sustain the work on IPFire Project with your donation.
Published by Michael Tremer, October 27, 2015 at 9:15 pm