Security 10745 Published by

IPFire 2.27 - Core Update 167 has been released. IPFire is a powerful and professional Open Source firewall solution.



IPFire 2.27 - Core Update 167 released

Another update of IPFire is ready: IPFire 2.27 - Core Update 167. It brings an updated kernel in which we continue our efforts to harden IPFire even further; various package updates including bug and security fixes as well as smaller improvements throughout the distribution.

Linux Kernel 5.15.35

As usual, the updated kernel comes with a heap of bug fixes, security fixes, and hardware support improvements from upstream. In addition to that, Michael  contributed a patch, which is not only fixing bug  #12760, but also believed to cure some long-standing quirks, causing especially VoIP calls not to be established properly every now and then. Should the patch pass testing successfully, we will of course upstream it to the Linux kernel in order to let the whole open-source community benefit from it.

As usual, we took the opportunity to harden the kernel even further.

Miscellaneous

  • dracut has been updated to version 056 and improved to compress initial ramdisks better and faster. This also fixes boot issues on Xen hypervisors ( #12773).
  • Support for ReiserFS has been dropped from the installer, as this filesystem is now marked as deprecated in the Linux kernel since it is not compatible and won't be made compatible for the Y2k38 problem. Existing installations will continue to be supported for the time being.
  • ARM: OrangePi Zero Plus and NanoPi R1S H5 are now supported
  • Stefan contributed various fixes and improvements to the  Intrusion Prevention System, resolving a couple of bugs
  • In addition, he and Michael squashed some bugs in the firewall engine that were unfortunately not spotted during the testing phase for  Core Update 165
  • unbound-dhcp-leases-bridge has received improvements to reliably propagate DHCP hosts to the DNS. Thanks go to Anthony Heading for his work on that front.
  • Text editor nano is now part of the core system, to provide users with an alternative to vim without needing to install an add-on
  • A GPG key rollover for Pakfire, IPFire's package management, was performed
  • Irrelevant parts of linux-firmware, such as firmware blobs for switches, are no longer shipped and installed, saving a couple of megabytes
  • A spring clean is performed on existing installation, removing orphaned system files accidentally left over from previous updates
  • Bernhard contributed patches for fixing the "hostile networks" in the firewall hits graph
  • The checksum algorithm for compilation routines and development has switched from MD5 to BLAKE2, requiring a couple of changes under the hood
  • Several improvements were made to the web interface by Matthias
  • After Core Update 165, Tor crashed due to its sandbox not permitting some syscalls required by updated glibc. This has now been fixed.
  • Updated packages: apache 2.4.53, bind 9.16.27, curl 7.82.0, gzip 1.12 to fix  CVE-2022-1271 (xz was patched in this occasion as well), harfbuzz 3.4.0, iproute2 5.17.0, libdnet 1.14, libloc 0.9.13, nano 6.2, ntfs-3g 2021.8.22, OpenSSH 8.9p1, OpenSSL 1.1.1n, pango 1.50.4, perl-CGI 4.54, psmisc 23.4, rrdtool 1.8.0, smartmontools 7.3, sqlite 3380000, strongSwan 5.9.5, sudo 1.9.10, util-linux 2.38, wget 1.21.3, wireless-regdb 2022.02.18, zlib 1.2.12 to fix  another vulnerability not covered in Core Update 166
  • Updated add-ons: cifs-utils 6.14, cups-filters 1.28.14, ghostscript 9.56.1, haproxy 2.4.15, hplip 3.22.2, monit 5.32.0, nmap 7.92, Postfix 3.7.0

As always, we thank all people contributing to this release in whatever shape and form. Please note IPFire is backed by volunteers, maintaining and improving this distribution in their spare time - should you like what we are doing, please  donate to keep the lights on, an consider  becoming engaged in development to distribute the load over more shoulders.



IPFire 2.27 - Core Update 167 released