IPFire 2.23 core update 134 is here to fix the vulnerability known as SACK Panic

iFire 2.23

Last week, many Linux distributions released new versions of their kernel to fix various security flaws that have recently been discovered. A few hours ago, Michael Tremer announced the availability of iFire 2.23 Core Update 134, a new maintenance version that comes mainly to correct or avoid exploiting the same bugs, among which is the one known as SACK Panic. In case you don't know, IPFire is an open source firewall based on Linux.

sack panic It affects the Linux kernel network segments of processed Selective Awareness TCP segments. Is about serious security flaws that could allow a remote malicious user to cause tagging as a SACK Panic attack via denial of service. Specifically, we are talking about two failures: the first could cause a kernel panic and the second could trick the system into transmitting all the small packets so that those transfers would use all the bandwidth and cause an overhead.

Other changes included in IPFire 2.23

  • The Captive Portal has been enhanced to display after an IPFire restart.
  • GCM encryption is now used before CBC for TLS connections.
  • Underscores are now supported for email addresses entered in the web user interface.
  • The French translation has been updated, as well as the translations for various strings.
  • Several components have been updated to the latest version, such as Bind 9.11.8, Unbound 1.9.2, and Vim 8.1.

For users who are already using previous versions of IPFire, it can be upgraded to IPFire 2.23 from the package upgrade system that includes the same software. Users who want to perform a new installation can do so by downloading the installers from this link. Considering that the bugs were labeled "serious", I wouldn't wait long to update.

iFire 2.23
Related article:
IPFire 2.23 is here to fix Intel's MDS vulnerabilities

The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published.



  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.