Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 194 has been released for testing, introducing a variety of package updates, new features, and enhancements in security. The update reestablishes the IPFire kernel on Linux 6.12.23, enhancing security and stability. Stephen Cuka has made a significant update to the Pakfire page, enhancing controls and incorporating language translation features.

The release additionally encompasses enhancements for firewalls, improvements to the IPsec host certificate renewal processes, and the substitution of libidn. The update cover fixes for CVE-2024-8176, Zabbix Server 7.0.11 LTS, along with enhancements for add-ons such as Bacula, cifs-utils, FFmpeg, Git, mpd, mympd, OVMF, and Samba.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 193 has been released, incorporating support for post-quantum cryptography within IPsec tunnels, along with a substantial update to the core toolchain. This update is an integral component of our continuous efforts to maintain the security, modernity, and efficiency of IPFire. IPsec tunnels now allow for secure key exchanges using the post-quantum Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), which is safe from attacks by those using quantum computers. This decision guarantees the utilization of modern cryptography whenever feasible, while ensuring that IPFire maintains compatibility with legacy solutions from various vendors. The standard selection of ciphers for newly established tunnels has been revised to incorporate AES-256 in either GCM or CBC mode, or ChaCha20-Poly1305 as the default option.

IPFire has been updated to utilize glibc and Binutils, essential components of the operating system, to produce the most efficient code that leverages the latest hardware capabilities. Recent updates include removing the old Botnet C2 blocklist from abuse.ch, improving the collection of firmware and microcodes, and fixing security issues related to INTEL-SA-01166, INTEL-SA-01139, INTEL-SA-01228, and INTEL-SA-01194, as well as correcting a bug with an incorrect serial number.

Here is a roundup of last week's Linux security updates for Arch Linux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, SUSE Linux, and Ubuntu Linux.

A new release candidate for the upcoming 1.7.0 release of the OpenSnitch GNU/Linux application firewall has been released for testing, showcasing enhanced integration with third-party software and resolving issues related to crashes when compiling unknown operator rules. The GUI has been enhanced with an upgraded popup layout and refined row selection. The release encompasses bug fixes, enhancements to the Weblate widget, and updates to the Indonesian translation.

Here is a roundup of last week's Linux security updates for Arch Linux, Debian GNU/Linux, Fedora Linux, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 193 is now available for testing, introducing support for Post-Quantum Cryptography in IPsec tunnels, a new toolchain, along with various bug fixes and security enhancements. IPsec tunnels now facilitate key exchanges utilizing the post-quantum Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), which is considered secure against threats posed by adversaries with access to quantum computing technology. This decision guarantees the utilization of modern cryptography whenever possible, while ensuring that IPFire maintains compatibility with legacy solutions from various vendors.

The standard configuration for new tunnels has been revised to incorporate AES-256 in either GCM or CBC mode, or ChaCha20-Poly1305 as the default option. The toolchain update incorporates security fixes for INTEL-SA-01166, INTEL-SA-01213, INTEL-SA-01139, INTEL-SA-01228, and INTEL-SA-01194. Furthermore, a resolution has been implemented for the issue concerning the incorrect serial number, along with enhancements to the visual design of the Firewall Groups page. The update encompasses enhancements to significant components of the distribution, including Apache, autoconf, BIND, binutils, and additional add-ons.

Here is a roundup of last week's Linux security updates for Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 192 has been released and comes with a significant kernel update to Linux 6.12, incorporating enhanced speed for compression and decompression with the DELFATE algorithm, along with various minor bug and security fixes. The kernel update transitions the IPFire kernel to Linux 6.12, enabling Intel and AMD CPUs that support VAES and AVX-512 to achieve a 162% increase in AES-GCM encryption and decryption speed, thereby enhancing IPsec throughput. Optimizing memory alignment has enhanced TCP performance by as much as 40% through the use of smaller structures. Support for TCP fraglist GRO has been implemented, enabling the chaining of multiple TCP packets, which enhances throughput for PPPoE connections on systems that do not have basic checksum offloading capabilities. Support for new drivers has been introduced and expanded for a range of network devices, including rtl8192du.

Collectd 5, the service responsible for gathering statistics about the IPFire operating system, has been upgraded to version 5.12.0, introducing various bug fixes and enhancements. zlib-ng, a fork that enhances the legacy DEFLATE zlib compression library, has received updates aimed at boosting performance and efficiency. The miscellaneous packages encompass Rust, CLAMAV, dnsdist, fetchmail, FRR, mympd, nano, Postfix, QEMU and QEMU Guest Agent, Samba, strace, tshark, speedtest-cli, and CUPS.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

ConfigServer Services has announced the release of CSF 14.24, a comprehensive set of scripts that provide a strong firewall, login/intrusion detection, and security application for Linux servers. The package includes a simple SPI iptables firewall script, a daemon process that monitors for login authentication failures across many apps, and custom login failures with distinct log files and regular expression matching. It also has UI interaction for cPanel, DirectAdmin, and Webmin, making it simple to upgrade between versions.

The new CSF 14.24 update has fixed a regression bug in v14.23, modifying the UI HTTP header checks to be case agnostic.

ConfigServer Services has announced the release of CSF v14.23, a Stateful Packet Inspection (SPI) firewall, along with Login/Intrusion Detection and Security applications designed for Linux servers. The collection of scripts features a straightforward SPI iptables firewall script, a daemon process that monitors login authentication failures across various applications, and a user interface integration for cPanel, DirectAdmin, and Webmin.

The update features updated Apache regexes for identifying remote or client IP triggers, case-insensitive UI HTTP header validations, and enhancements to CC list string sanitation.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 192 is now available for testing, introducing a new kernel based on Linux 6.12, collectd 5, enhanced compression and decompression for the DELFATE algorithm, along with various minor bug and security fixes. The kernel release presents notable enhancements, including accelerated AES-GCM encryption and decryption for Intel and AMD CPUs equipped with VAES and AVX-512, memory alignment optimization that can boost TCP performance by up to 40%, support for TCP fraglist GRO, and scheduling enhancements for improved responsiveness to load spikes. Support for new drivers has been added and expanded for a range of network devices.

The add-ons consist of CLAMAV 1.4.2, dnsdist 1.9.8, fetchmail 6.5.2, FRR 10.2.1, mympd 19.0.2, nano 8.3, Postfix 3.9.1, and QEMU. Guest Agent 9.2.0, Samba 4.21.3, strace 6.12, tshark 4.4.3, speedtest-cli, CUPS Filters, CUPS PDF, Foomatic, Gutenprint, HP and EPSON Inkjet Printer drivers, along with auxiliary libraries such as libcms2, libtiff, openjpg, poppler, and QPDF.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.