IPFire, the well-known Linux firewall distribution, was updated last weekend. By the looks of it, the new version is an emergency release made primarily to prevent anyone or anything from exploiting the recently discovered Intel MDS vulnerabilities. IPFire 2.23 Core Update 132 is a maintenance update, which means there are no notable new features beyond bug fixes, support enhancements, and security patches.
IPFire 2.23 arrives with an updated Linux kernel, specifically v4.14.120. Linux 4.14.120 already includes all the patches needed to address the Intel MDS vulnerabilities mentioned above, among them RIDL, Fallout and ZombieLoad. It also includes updated intel-microcode firmware, version 20190514 (May 14, 2019). In addition, SMT is now disabled by default on all affected processors to reduce the risk from a flaw that cannot be repaired, which causes a significant performance hit.
IPFire 2.23, an emergency launch
Intel will no longer release microcode for any processor, which means that our computer could still be vulnerable. Staying protected mostly depends on the operating system developers, who must release the patches that correct the problems.
The new version adds a new GUI that tells users which attacks are potentially dangerous to their hardware and whether or not action has been taken. IPFire 2.23 also comes with a new graphical interface for configuring VLAN interfaces for zones, as well as the option of configuring a zone in bridge mode.
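On a kernel that carries the MDS patches, the mitigation state can also be read directly from sysfs. The following script is an added example, not IPFire's own code: it classifies the kernel's MDS status line, assuming the path `/sys/devices/system/cpu/vulnerabilities/mds` and the status strings documented by the Linux kernel; the names `classify_mds`, `report` and `VULN_DIR` are hypothetical.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line from sysfs.
# VULN_DIR is overridable so the logic can be exercised against a test file.
VULN_DIR=${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}

# classify_mds "<status line>" prints OK, PARTIAL or VULNERABLE.
classify_mds() {
    status=$1
    case $status in
        "Not affected"*) echo OK; return ;;
        "Mitigation: "*) buffers=cleared ;;
        # Kernel flushes buffers, but without new microcode this is best effort.
        "Vulnerable: Clear CPU buffers attempted, no microcode"*) buffers=besteffort ;;
        *) echo VULNERABLE; return ;;
    esac
    # With SMT on, a sibling thread can still sample shared CPU buffers.
    case $status in
        *"SMT vulnerable"*|*"SMT Host state unknown"*) smt=exposed ;;
        *) smt=safe ;;   # "SMT disabled" or "SMT mitigated"
    esac
    if [ "$buffers" = cleared ] && [ "$smt" = safe ]; then
        echo OK
    else
        echo PARTIAL
    fi
}

# report: classify the status of the running host.
report() {
    f="$VULN_DIR/mds"
    if [ ! -r "$f" ]; then
        echo "UNKNOWN: $f not readable (kernel without MDS reporting?)"
        return 2
    fi
    line=$(cat "$f")
    echo "$(classify_mds "$line"): $line"
}

# Constructed sample lines (not captured from a real host).
for s in "Mitigation: Clear CPU buffers; SMT disabled" \
         "Mitigation: Clear CPU buffers; SMT vulnerable" \
         "Vulnerable; SMT vulnerable"; do
    printf '%-10s %s\n' "$(classify_mds "$s")" "$s"
done
report || true
```

A `PARTIAL` result means either the microcode is missing or SMT is still enabled, the two gaps the release addresses with the updated intel-microcode package and the SMT default.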
Other new features in this version
- Suricata IPS now supports systems with more than 16 processor cores.
- GCM mode is now preferred over CBC for the web user interface to improve its security.
- OpenVPN has been improved for greater security.
- Suricata log entries are now visible in the system log section.
- Fixed a cross-site scripting vulnerability in the Captive Portal.
- Components have been updated to the latest versions, such as:
  - BIND 9.11.6-P1.
  - dhcpcd 7.2.2.
  - igmpproxy 0.2.1.
  - Knot 2.8.1.
  - libedit 20190324-3.1.
  - Tor 0.4.0.5.
  - Zabbix 4.2.1.
- The Wireless AP Plugin has been updated to improve support for DFS.
- Automatic Selection and Management Frame Protection have been included.
IPFire 2.23 Core Update 132 is available at this link.