With this week's release of Core Update 146, we have already made the next one available for testing. It contains a vast number of package updates and brings some security updates.
The squid web proxy had a number of security vulnerabilities that have been patched in version 4.12. Those are:
- CVE-2020-15049 - (SQUID-2020:7) - Cache Poisoning Issue in HTTP Request processing
There was a third vulnerability (CVE-2020-14058) in the TLS component of squid. This component is not activated in IPFire, and therefore IPFire is not vulnerable.
- The Linux firmware package was updated to version 20200519 and brings various improvements to hardware components and adds support for more hardware.
- A long-standing issue with forwarding GRE connections has been resolved. It was absolutely impossible to get such connections through the firewall, because IPFire's internal connection tracking refused to handle them.
- Amazon Web Services: The firewall will now configure all zones to use jumbo frames by default. Since Amazon's network allows packets with up to 9001 bytes, this will increase bandwidth in the cloud. The RED interface is exempt, because the Internet still defaults to only 1500 bytes per packet.
- Updated packages: bind 9.11.20, dhcpcd 9.1.2, GnuTLS 3.6.14, gmp 6.2.0, iproute2 5.7.0, libassuan 2.5.3, libgcrypt 1.8.5, libgpg-error 1.38, OpenSSH 8.3p1, squidguard 1.6.0
- Bacula, a backup solution, was updated to version 9.6.5 by Adolf Belka
- borgbackup 1.1.13
- haproxy 2.1.7
- Joe 4.6
Although this update is rather small in number of changes, it is rather large on disk due to the many Linux firmware files that we are shipping. Please help us test this release to make sure it won't introduce any new regressions into IPFire.