Just a couple of days after the release of IPFire 2.21 - Core Update 130, the next release is available. This is an emergency update with various bug fixes and a large number of security fixes.

Security

IPFire 2.21 - Core Update 130 contains security updates for the following packages:

  • Apache 2.4.39: The Apache Web Server, which runs the IPFire Web User Interface, was vulnerable to various privilege escalations (CVE-2019-0211), access control bypasses (CVE-2019-0215, CVE-2019-0217), DoS attacks (CVE-2019-0197), a buffer overflow (CVE-2019-0196) and a URL normalisation inconsistency (CVE-2019-0220). They are all regarded as being of "low" severity.
  • wget 1.20.3: wget has had multiple vulnerabilities that allowed an attacker to execute arbitrary code (CVE-2019-5953).
  • clamav 0.101.2: ClamAV, the virus scanner, has had multiple vulnerabilities that allowed DoS and a buffer overflow in a bundled third-party library.

Although some of these vulnerabilities are only of low severity, we recommend installing this update as soon as possible!

IPsec Regression

The last update introduced a regression in the IPsec stack that left the firewall unable to access any hosts on the remote side when the tunnel was run in tunnel mode without any VTI/GRE interfaces. This update fixes that.


Today, we have updated IPFire on AWS to IPFire 2.21 - Core Update 129 - the latest official release of IPFire.

This update of course brings you all the features that come with this new version and saves you from having to update a newly installed system.

AWS

This update makes the latest features in IPFire available on AWS:

Routed IPsec VPNs

This feature is going to be very interesting for people who need high availability. Redundant instances of IPFire can now terminate IPsec tunnels in multiple Availability Zones and route traffic dynamically with BGP or other dynamic routing protocols.

This way, you will always have a connection from your office or your other data centre to your Amazon Cloud that will never let you down.

How to update?

For all customers that are already running on the latest image, there is nothing to do here but to make sure that you have all updates installed on your instance. New systems should of course be installed with

Go to IPFire on AWS


Just a couple of days after the release of IPFire 2.21 - Core Update 130, the next release is available for testing. This is an emergency update with various bug fixes and a large number of security fixes.

Security

IPFire 2.21 - Core Update 130 contains security updates for the following packages:

  • Apache 2.4.39: The Apache Web Server, which runs the IPFire Web User Interface, was vulnerable to various privilege escalations (CVE-2019-0211), access control bypasses (CVE-2019-0215, CVE-2019-0217), DoS attacks (CVE-2019-0197), a buffer overflow (CVE-2019-0196) and a URL normalisation inconsistency (CVE-2019-0220). They are all regarded as being of "low" severity.
  • wget 1.20.3: wget has had multiple vulnerabilities that allowed an attacker to execute arbitrary code (CVE-2019-5953).
  • clamav 0.101.2: ClamAV, the virus scanner, has had multiple vulnerabilities that allowed DoS and a buffer overflow in a bundled third-party library.

Although some of these vulnerabilities are only of low severity, we recommend installing this update as soon as possible!

IPsec Regression

The last update introduced a regression in the IPsec stack that left the firewall unable to access any hosts on the remote side when the tunnel was run in tunnel mode without any VTI/GRE interfaces. This update fixes that.

This update is available in testing and we are planning to make it generally available early next week.