Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for Arch Linux, AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 195 has been released for testing. The update features a comprehensive interface designed for the configuration and management of WireGuard tunnels via the web user interface. WireGuard serves as a versatile solution for both net-to-net and host-to-net VPN connections, offering a streamlined alternative to IPsec and OpenVPN. The configuration process is simple, and the IPFire implementation features complete integration within the firewall GUI. It supports multiple peers, includes a QR code display, offers a connection importer, and is compatible with the Intrusion Prevention System and Connection Tracking. The update incorporates enhancements to Pakfire, featuring the automatic updating of its SMART database with hard drive information.

IPFire 2.29 - Core Update 194 has been released and represents the most recent enhancement to the secure and high-performance open-source firewall. This update encompasses various enhancements and bug resolutions, prioritizing the improvement of security and usability while maintaining simplicity. The update reestablishes the IPFire kernel on Linux 6.12.23, incorporating enhancements for security and stability. Stephen Cuka made a significant update to the Pakfire page, enhancing controls and language translation. The firewall has been configured to permit outgoing connections utilizing an alias IP address, which will be NATed to the default IP address on RED. The process for renewing the IPsec host certificate now accurately updates internal files. The update encompasses enhancements to packages, add-ons, and Zabbix Server 6.x.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

The release of OWASP CRS 4.14.0 brings new features and detections, such as the ability to detect ASP web shells, compressed database dumps, and JavaScript methods. Other changes include fixing FPs related to rule 951220, blocking TTF font files, detecting forward slashes in paths, and removing .application from restricted extensions.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 194 has been released for testing, introducing a variety of package updates, new features, and enhancements in security. The update reestablishes the IPFire kernel on Linux 6.12.23, enhancing security and stability. Stephen Cuka has made a significant update to the Pakfire page, enhancing controls and incorporating language translation features.

The release additionally encompasses enhancements for firewalls, improvements to the IPsec host certificate renewal processes, and the substitution of libidn. The update cover fixes for CVE-2024-8176, Zabbix Server 7.0.11 LTS, along with enhancements for add-ons such as Bacula, cifs-utils, FFmpeg, Git, mpd, mympd, OVMF, and Samba.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 193 has been released, incorporating support for post-quantum cryptography within IPsec tunnels, along with a substantial update to the core toolchain. This update is an integral component of our continuous efforts to maintain the security, modernity, and efficiency of IPFire. IPsec tunnels now allow for secure key exchanges using the post-quantum Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), which is safe from attacks by those using quantum computers. This decision guarantees the utilization of modern cryptography whenever feasible, while ensuring that IPFire maintains compatibility with legacy solutions from various vendors. The standard selection of ciphers for newly established tunnels has been revised to incorporate AES-256 in either GCM or CBC mode, or ChaCha20-Poly1305 as the default option.

IPFire has been updated to utilize glibc and Binutils, essential components of the operating system, to produce the most efficient code that leverages the latest hardware capabilities. Recent updates include removing the old Botnet C2 blocklist from abuse.ch, improving the collection of firmware and microcodes, and fixing security issues related to INTEL-SA-01166, INTEL-SA-01139, INTEL-SA-01228, and INTEL-SA-01194, as well as correcting a bug with an incorrect serial number.

Here is a roundup of last week's Linux security updates for Arch Linux, Debian GNU/Linux, Fedora Linux, Gentoo Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, SUSE Linux, and Ubuntu Linux.

A new release candidate for the upcoming 1.7.0 release of the OpenSnitch GNU/Linux application firewall has been released for testing, showcasing enhanced integration with third-party software and resolving issues related to crashes when compiling unknown operator rules. The GUI has been enhanced with an upgraded popup layout and refined row selection. The release encompasses bug fixes, enhancements to the Weblate widget, and updates to the Indonesian translation.

Here is a roundup of last week's Linux security updates for Arch Linux, Debian GNU/Linux, Fedora Linux, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux.

Here is a roundup of last week's Linux security updates for Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 193 is now available for testing, introducing support for Post-Quantum Cryptography in IPsec tunnels, a new toolchain, along with various bug fixes and security enhancements. IPsec tunnels now facilitate key exchanges utilizing the post-quantum Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), which is considered secure against threats posed by adversaries with access to quantum computing technology. This decision guarantees the utilization of modern cryptography whenever possible, while ensuring that IPFire maintains compatibility with legacy solutions from various vendors.

The standard configuration for new tunnels has been revised to incorporate AES-256 in either GCM or CBC mode, or ChaCha20-Poly1305 as the default option. The toolchain update incorporates security fixes for INTEL-SA-01166, INTEL-SA-01213, INTEL-SA-01139, INTEL-SA-01228, and INTEL-SA-01194. Furthermore, a resolution has been implemented for the issue concerning the incorrect serial number, along with enhancements to the visual design of the Firewall Groups page. The update encompasses enhancements to significant components of the distribution, including Apache, autoconf, BIND, binutils, and additional add-ons.

Here is a roundup of last week's Linux security updates for Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux.

IPFire 2.29 - Core Update 192 has been released and comes with a significant kernel update to Linux 6.12, incorporating enhanced speed for compression and decompression with the DELFATE algorithm, along with various minor bug and security fixes. The kernel update transitions the IPFire kernel to Linux 6.12, enabling Intel and AMD CPUs that support VAES and AVX-512 to achieve a 162% increase in AES-GCM encryption and decryption speed, thereby enhancing IPsec throughput. Optimizing memory alignment has enhanced TCP performance by as much as 40% through the use of smaller structures. Support for TCP fraglist GRO has been implemented, enabling the chaining of multiple TCP packets, which enhances throughput for PPPoE connections on systems that do not have basic checksum offloading capabilities. Support for new drivers has been introduced and expanded for a range of network devices, including rtl8192du.

Collectd 5, the service responsible for gathering statistics about the IPFire operating system, has been upgraded to version 5.12.0, introducing various bug fixes and enhancements. zlib-ng, a fork that enhances the legacy DEFLATE zlib compression library, has received updates aimed at boosting performance and efficiency. The miscellaneous packages encompass Rust, CLAMAV, dnsdist, fetchmail, FRR, mympd, nano, Postfix, QEMU and QEMU Guest Agent, Samba, strace, tshark, speedtest-cli, and CUPS.