IPFire 2.21 - Core Update 130 is available for testing

by Michael Tremer, April 12, 2019, Updated April 12, 2019

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

Just a couple of days after the release of IPFire 2.21 - Core Update 130, the next release is available for testing. This is an emergency update with various bug fixes and a large number of security fixes.

Security

IPFire 2.21 - Core Update 130 contains security updates for the following packages:

  • Apache 2.4.39: The Apache Web Server, which runs the IPFire Web User Interface, was vulnerable for various privilege escalations (CVE-2019-0211), access control bypasses (CVE-2019-0215, CVE-2019-0217), DoS attacks (CVE-2019-0197), buffer overflow (CVE-2019-0196) and a URL normalisation inconsistency (CVE-2019-0220). They are all regarded to be of "low" severity.
  • wget 1.20.3: wget has had multiple vulnerabilities that allowed an attacker to execute arbitrary code (CVE-2019-5953).
  • clamav 0.101.2: ClamAV, the virus scanner, has had multiple vulnerabilities that allowed DoS and a buffer overflow in a bundled third-party library.

Although some of these vulnerabilities are only of low severity, we recommend to install this update as soon as possible!

IPsec Regression

The last update introduced a regression in the IPsec stack that caused that the firewall could no longer access any hosts on the remote side when the tunnel was run in tunnel mode without any VTI/GRE interfaces. This update fixes that.

This update is available in testing and we are planning to make it generally available early next week.