IPFire 2.23 core update 134 is here to fix the vulnerability known as SACK Panic


Last week, many Linux distributions released new versions of their kernel to fix various security flaws that have recently been discovered. A few hours ago, Michael Tremer announced the availability of IPFire 2.23 Core Update 134, a new maintenance version that mainly fixes those same bugs or prevents them from being exploited, among them the one known as SACK Panic. In case you don't know, IPFire is an open source firewall based on Linux.

SACK Panic affects the way the Linux kernel's network stack processes TCP Selective Acknowledgement (SACK) segments. These are serious security flaws that could allow a remote malicious user to cause a denial of service, in what has been named the SACK Panic attack. Specifically, we are talking about two flaws: the first could cause a kernel panic, and the second could trick the system into transmitting all data in small packets, so that those transfers would use up all the bandwidth and cause overhead.

Other changes included in IPFire 2.23

  • The Captive Portal has been enhanced to display after an IPFire restart.
  • GCM ciphers are now preferred over CBC for TLS connections.
  • Underscores are now supported in email addresses entered in the web user interface.
  • The French translation has been updated, as well as the translations for various strings.
  • Several components have been updated to the latest version, such as Bind 9.11.8, Unbound 1.9.2, and Vim 8.1.

Users who are already running a previous version of IPFire can upgrade to IPFire 2.23 from the package upgrade system included in the software itself. Users who want to perform a new installation can do so by downloading the installers from this link. Considering that the bugs were labeled "serious", I wouldn't wait long to update.
