IPFire 2.23 Core Update 134 is here to address the recently discovered SACK Panic (CVE-2019-11477 and CVE-2019-11478) security vulnerabilities, affecting Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. These are serious flaws and could allow remote attackers to cause a so-called SACK Panic attack (denial of service).
Among other changes include in this update, we can mention that the Captive Portal has been improved to show up after IPFire is restarted, the GCM cipher is now preferred over CBC for TLS connections, underscores are now supported for email addresses entered in the Web UI, and the French translation has been updated, as well as translates for various strings.
Besides patching the latest security vulnerabilities and fixing bugs, this maintenance release also updates various components to their latest versions. These include Bind 9.11.8, Unbound 1.9.2, and Vim 8.1. You can download IPFire 2.23 Core Update 134 right now through our website for new deployments, but existing users should update their installations using the built-in package management system.
Submitted by: Arnfried Walbrecht