As the first update of the year, we have bundled a number of package updates, security and bug fixes for you: IPFire 2.19 – Core Update 109
The DNS proxy which is working inside IPFire has been updated to
unbound 1.6.0 which brings various bug fixes. Therefore, QNAME minimisation and hardening below NX domains have been re-activated.
At start time, IPFire now also checks if a router in front of IPFire drops DNS responses which are longer than a certain threshold (some Cisco devices do this to “harden” DNS). If this is detected, the EDNS buffer size if reduced which makes unbound fall back to TCP for larger responses. This might slow down DNS slightly, but keeps it working after all in those misconfigured environments.
opensslhas been updated to 1.0.2k which fixes a number of security vulnerabilities with “moderate” severity
bind9.11.0-P2 with some security fixes,
squid3.5.24 which fixes various bugs,
libpnghas been updated to 1.2.57 which fixes some security vulnerabilities
libvirtto version 2.5 and
qemuto version 2.8
torhas been updated to 0.2.9.9 which fixes a number of denial-of-service vulnerabilities
sarghas been updated to 2.3.10
We are currently crowdfunding a Captive Portal for IPFire and would like you to ask to check it out and support us!
Please help us to support the work on IPFire Project with your donation.
Published by Michael Tremer, February 17, 2017 at 3:15 pm