Autor Thema: Firewall-Distributionen diverses  (Gelesen 5622 mal)

0 Mitglieder und 1 Gast betrachten dieses Thema.

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
IPCop 2.1.7
« Antwort #15 am: 29 Oktober, 2014, 20:00 »
Zitat
IPCop 2.1.7 is released

v2.1.7 can be installed using the installation images or as an update from version 2.1.6.

v2.1.7 fixes PPPoE dialup.

http://www.ipcop.org/

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
pfSense 2.2 veröffentlicht
« Antwort #17 am: 01 Februar, 2015, 14:31 »
Die freie, auf FreeBSD basierende Firewall-Distribution pfSense ist in der Version 2.2 erschienen. Die Entwickler korrigierten in pfSense 2.2 über 300 Fehler und fügten 55 neue Funktionalitäten hinzu.

Eine Neuerung in pfSense 2.2 ist, dass das zugrunde liegende Betriebssystem FreeBSD auf die Version 10.1 aktualisiert wurde. Beim IPSec-Backend wechselten die Entwickler von Racoon auf StrongSwan. Das PHP-Backend nutzt nun PHP 5.5 und PHP-FPM anstelle von FastCGI und der DNS-Resolver Unbound ist in neuen Installationen standardmäßig aktiviert. Bei der Standardkonfiguration schalteten die Entwickler den DNS-Forwarder dnsmasq ab, änderten die Default-NICs von vr auf em und räumten die config.xml auf.

Hinsichtlich der Sicherheit prüft pfSense nun SSL-Zertifikate von HTTPS-URLs, warnt Nutzer vor inoffiziellen Paket-Repositorien und nutzt bei der grafischen Weboberfläche öfter POST- anstelle von GET-Anfragen. Das sshd-Banner teilt nicht mehr die zugrunde liegende Free-BSD-Version mit, jQuery ist in der Version 1.11.1 enthalten und SSLv3 und RC4-Cipher sind in Lighttpd abgeschaltet. Beim Routing erlauben es die Entwickler den Nutzern, ein Gateway in der GUI als Down zu markieren und das Gateway auszuwählen, über das DynDNS-Updates versendet werden. Für statische Routen lässt sich die -iface-Option für PPPoE nutzen, falls mehrere PPoE-Verbindungen über das selbe Gateway laufen.

Der ganze Artikel

Quelle : www.pro-linux.de

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Linux-Firewall: IPFire-Korrektur bringt neue Funktionen
« Antwort #18 am: 22 April, 2015, 16:47 »
IPFire 2.17 korrigiert mit dem Core Update 89 nicht nur eine Reihe von Fehlern. Es erweitert auch den DynDNS-Updater und die Statistiken der Linux-Firewall.

Das Core-Update 89 von IPFire 2.17 behebt Fehler und aktualisiert zahlreiche Tools und Dienste der Linux-Firewall. Das Update erweitert die Linux-Firewall zudem um neue Funktionen: So sammelt IPFire nun Statistiken zu Netz-zu-Netz-Verbindungen von OpenVPN und stellt sie grafisch dar. Der DynDNS-Updater protokolliert Updates und stößt bei fehlgeschlagenen Versuchen erneute Versuche an. Zusätzlich unterstützt die Software nun mehr DynDNS2-Anbieter und sie erkennt, ob ein DynDNS-Anbieter den Zugriff gesperrt hat. Außerdem wurden eine Reihe von Problemen mit DynDNS-Diensten behoben.

Das Update aktualisierte den DNS- und DHCP-Server dnsmasq und behebt damit unter anderem Fehler bei der DNSSEC-Unterstützung. Die Entwickler haben den Proxy haproxy 1.5 und Prozessverwaltungstool monit 5.11 zu IPFires Softwareausstattung hinzugefügt und mehrere Fehler im Webinterface (Firewall, Squid-Accounting), bei der Lebensdauer von IPSec- und OpenVPN-Zertifikaten sowie beim Backup und im Installer korrigiert. Weitere Details zu den Änderungen und Neuheiten von IPFire 2.17 Core Update 89 verrät die Release-Mitteilung.

Quelle: www.heise.de

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Linux-Firewall IPFire mit GeoIP-Filter
« Antwort #19 am: 29 Mai, 2015, 16:40 »
Im neuen Update 90 der Linux-Firewall IPFire 2.17 beschleunigen die Entwickler zudem verschiedene Crypto-Algorithmen, schalten anfällige SSL-Versionen ab und verbessern das Zusammenspiel zwischen IPSec-Server und dem IPSec-Windows-Client.

Das Core-Update 90 der Linux-Firewall IPFire 2.17 aktualisiert nicht nur zahlreiche Softwarepakete und Voreinstellungen. Dank Spenden könnten die Entwickler die Firewall nun um einen GeoIP-Filter erweitern, der ein- und ausgehenden Netzwerkverkehr anhand geografischer Daten (GeoIP) blockieren oder passieren lässt.

Der Filter erschwert automatische Scans nach verwundbaren Diensten und hilft, die eigenen Angebote abzusichern: So lassen sich etwa leicht die von Schadsoftware genutzten Command-and-Control-Servern blockieren und Fernwartungszugänge auf einzelne Länder beschränken. Kommuniziert man eher selten mit bestimmten Regionen, legt man beispielsweise Limits für neue Verbindungen aus diesen Ländern fest.

Der ganze Artikel

Quelle : www.heise.de

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Anwender der IPFire-Version 2.17 sollten das Core-Update 91 bald einspielen, denn es schließt unter anderem die jüngst hochgekommene Logjam-Lücke in OpenSSL.

Mit dem Core-Update 91 stopft die Firewall-Distribution IPFire 2.17 Sicherheitslücken in der OpenSSL-Bibliothek sowie in der VPN-Server- und -Client-Komponente StrongSwan. Die OpenSSL-Version 1.0.2b schließt sechs Löcher, darunter die kritische Logjam-Lücke, mit der sich SSL-Verbindungen auf ein unsicheres Verschlüsselungsniveau zurückstufen ließen. StrongSwan 5.3.1 behebt eine Angriffsmöglichkeit, die zum Denial-of-Service und eventuell zur Code-Ausführung genutzt werden konnte. Außerdem wurden einige weitere Pakete aufgefrischt.

Der ganze Artikel

Quelle : www.heise.de

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
Linux-Firwall IPFire 2.17, Core Update 93 erschienen
« Antwort #21 am: 18 August, 2015, 13:40 »
Mit den Änderungen schließen die Entwickler hauptsächlich einige Sicherheitslücken. Darüber hinaus sind einige Pakete aktualisiert und eine Filterfunktion hinzugefügt worden, die bei bestimmten SSD-Laufwerken die TRIM-Funktion abschaltet.

Das Firewall-Paket IPFire stopft in der neuen Version 2.17 Core Update 93 eine Hand voll Sicherheitslücken im Web-Proxy Squid, im DNS-Server dnsmasq und in einer Perl-kompatiblen Bibliothek. Der zugehörige DDNS-Client soll in der neuen Version 008 unter anderem robuster gegenüber Netzwerk- und Serverfehlern von sein und nun auch Dienste der Anbieter joker.com und DNSmadeEasy nutzen.

Der ganze Artikel

Quelle : www.heise.de

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
IPFire 2.17 Core Update 96
« Antwort #23 am: 21 Januar, 2016, 17:01 »
Release Notes

This is the official release announcement for IPFire 2.17 – Core Update 96. This update comes with many smaller changes and security fixes.

Ramdisk usage change

IPFire uses round-robin databases to collect system data and generate beautiful graphs. The databases have usually been kept in memory. This change was made in early versions of IPFire to keep the amount of writes to the block device to a minimum. However, the number of the databases has been growing and many systems don’t have enough capacity in memory. The objective was also that ordinary flash storage is quite slow. These systems are now however less commonly used which makes this change unnecessary.

To give an example, many of the ALIX boards use very slow compact flash storage and do only have 256 or even 128 MB of memory. So neither is really an option. Systems you will purchase today usually come with fast SSD storage and a few gigabytes of memory. So both is a viable option to store these databases.

New installed IPFire systems will now only use the persistent storage to store these database files. All updates systems will stick with the old behaviour if they have about 512 MB of RAM or more. Otherwise upgraded systems will also fall back to the persistent storage.
Misc

    openssl has been updated to version 1.0.2e which fixes various security vulnerabilities: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196
    The NTP service was unable to communicate with the local clock and therefore not able to provide time to the network.
    strongswan is updated to version 5.3.5 which fixes various security issues
        The connection list in the web user interface when IPsec subnets with multiple local or remote subnets are used.
    The firewall engine handles SNAT rules more restrictive and avoids overmatching of packages that are sent over an IPsec network
    Various patches to improve dnsmasq have been imported from upstream
    curl wasn’t able to validate publicly signed SSL certificates because it could not find the certificate store. This is now fixed.
    dma, the internal mail agent, now handles authentication against remote mail servers better due to a patch sent to the project by the IPFire developers
    Support for cryptodev has been dropped
    mdadm has been updated to version 3.3.4, arping has been updated to version 2.15, rrdtool has been updated to version 1.5.5, libnet 1.1.6 is now shipped with the core distribution
    On x86-based systems, GRUB, the bootloader, has been patched against an integer overflow vulnerability filed under CVE-2015-8370 which allowed users to bypass authentication after pressing backspace for 28 times
    Snort now also monitors alias address on red if any have been configured
    The Turkish translation has been updated

Updated add-ons

    nano has been updated to 2.5.0
    Midnight Commander has been updated to 4.8.15
    clamav has been updated to version 0.99
    openvmtools have been updated to version 10.0.5
    squid-accounting has received minor bug fixes
    tripwire has been dropped

[close]

http://www.ipfire.org/download

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
IPFire 2.17 Core Update 97
« Antwort #24 am: 01 Februar, 2016, 19:00 »
Release Notes

This is the official release announcement for IPFire 2.17 – Core Update 97. An other OpenSSL security fix has been released, which is shipped in this Core Update among some other security vulnerabilities. As this is a rather urgent update, we recommend to install it as soon as possible. We also recommend rebooting after the update has been installed.

OpenSSL security fixes – 1.0.2f

It is possible to exploit the Diffie-Hellman key exchange (CVE-2016-0701)and get hold of the server’s private exponent. With that any future connections can be decrypted. Please check out the original security advisory for more details.

A second fix (CVE-2015-3197) in the OpenSSL library fixes the deactivation of some SSLv2 ciphers.

An other change will strengthen SSL connections against being taken over by a man-in-the-middle attack that tries to downgrade the length of the Diffie-Hellman key that is being used.

OpenSSH 7.1p2

An information leak (CVE-2016-0777) flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.

The SSH daemon will be restarted during the update in case it is enabled.

[close]

http://www.ipfire.org/download

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
IPFire 2.17 Core Update 98
« Antwort #25 am: 25 Februar, 2016, 18:00 »
Release Notes

Due to a recently discovered security vulnerability in glibc, we are releasing this Core Update that contains a fix for CVE-2015-7547.
CVE-2015-7547 in glibc/getaddrinfo

The getaddrinfo() interface is glibc, the system’s main C library, is used to resolve names into IP addresses using DNS. An attacker can exploit the process in the system performing this request by sending a forged reply that is too long causing a stack buffer overflow. Code can potentially be injected and executed.

IPFire is however not directly exploitable by this vulnerability as it is using a DNS proxy, that rejects DNS responses that are too long. So IPFire itself and all systems on the network that use IPFire as DNS proxy are protected by the DNS proxy. However, we decided to push out a patch for this vulnerability as quickly as we can.

[close]

http://www.ipfire.org/download

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
IPFire 2.17 Core Update 99
« Antwort #26 am: 08 März, 2016, 17:00 »
Release Notes

This is the official release announcement for IPFire 2.17 – Core Update 99. Another OpenSSL security fix has been released, so that we created this Core Update that fixes that among some other security vulnerabilities.
OpenSSL security fixes – 1.0.2g

Please check out the original security advisory for more details.

    Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
    Double-free in DSA code (CVE-2016-0705)
    Memory leak in SRP database lookups (CVE-2016-0798)
    BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
    Fix memory issues in BIO_*printf functions (CVE-2016-0799)
    Side channel attack on modular exponentiation (CVE-2016-0702)
    Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
    Bleichenbacher oracle in SSLv2 (CVE-2016-0704)

IPFire is most likely not vulnerable by the most famous of all these vulnerabilities known as DROWN. However we recommend updating as soon as possible and we also recommend to reboot the system afterwards.
OpenSSH 7.2p1

This is primarily a bugfix release.

The SSH daemon will be restarted during the update in case it is enabled.

[close]

http://www.ipfire.org/download

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
IPFire 2.19 Core Update 100
« Antwort #27 am: 15 April, 2016, 06:00 »
Release Notes

It is a great moment to us and we are very proud to release the 100th Core Update today.

This update will bring you IPFire 2.19 which we release for 64 bit on Intel (x86_64) for the first time. This release was delayed by the various security vulnerabilities in openssl and glibc, but is packed with many improvements under the hood and various bug fixes.

64 bit

There will be no automatic update path from a 32 bit installation to a 64 bit installation. It is required to manually reinstall the system for those who want to change, but a previously generated backup can be restored so that the entire procedure takes usually less than half an hour.

There are not too many advantages over a 64 bit version except some minor performance increases for some use cases and of course the ability to address more memory. IPFire is able to address up to 64GB of RAM on 32 bit, so there is not much need to migrate. We recommend to use 64 bit images for new installations and stick with existing installations as they are.

Kernel Update

As with all major releases, this one comes with an updated Linux kernel to fix bugs and improve hardware compatibility. Linux 3.14.65 with many backported drivers from Linux 4.2 is also hardened stronger against common attacks like stack buffer overflows.

Many firmware blobs for wireless cards and other components have been updated just as the hardware database.

Hyper-V performance issues

A backport of a recent version of the Microsoft Hyper-V network driver module will allow transferring data at higher speeds again. Previous versions had only very poor throughput on some versions of Hyper-V.

Firewall Updates

It is now possible to enable or disable certain connection tracking modules. These Application Layer Gateway (ALG) modules help certain protocols like SIP or FTP to work with NAT. Some VoIP phones or PBXes have problems with those so that they can now be disabled. Some need them.

The firewall has also been optimised to allow more throughput with using slightly less system resources.

Misc

    Many programs and tools of the toolchain that is used have been updated. A new version of the GNU Compiler Collections offers more efficient code, stronger hardening and compatibility for C++11
        GCC 4.9.3, binutils 2.24, bison 3.0.4, grep 2.22, m4 1.4.17, sed 4.2.2, xz 5.2.2
    dnsmasq, the IPFire-internal DNS proxy has been updated and many instability issues have been fixed
    openvpn has been updated to version 2.3.7 and the generated configuration files have been updated to be compatible with upcoming versions of OpenVPN
    IPFire will now wait with booting up when the time needs to synchronised and DHCP is used until the connection is established and then continue booting up
    bind was updated to version 9.10.3-P2
    ntp was updated to version 4.2.8p5
    tzdata, the database for timezone definitions, was updated to version 2016b
    Various cosmetic fixes were done on the web user interface
    A bug causing VLAN devices not being created when the parent NIC comes up has been fixed
    DHCP client: Resetting the MTU on broken NICs that lose link has been fixed
    A ramdisk to store the databases of the graphs shown in the web user interface is now used by default again on installations that use the flash image when more than 400MB of memory is available
    A bug that the Quality of Service could not be stopped has been fixed
    Some old code has been refurbished and some unused code has been dropped in some internal IPFire components

Add-ons

    owncloud has been updated to version 7.0.11
    nano has been updated to version 2.5.1
    rsync has been updated to version 3.1.2

[close]

http://www.ipfire.org/download

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
IPFire 2.19 Core 104
« Antwort #28 am: 22 September, 2016, 18:00 »
Changelog

Linux 3.14.79:

The Linux kernel has been updated to version 3.14.79 and brings you various bug-fixes, stability improvements and supports more hardware.

Guardian:

Guardian is an Intrusion-Prevention-System that is hooked into Snort, the Intrusion Detection System. It reacts on reported events by blocking access for hosts where malicious traffic was detected to originate from. That enables IPFire to be a dynamic firewall and block any abuse or other unwanted behaviour automatically.
Since the old implementation was quite old and rather limited, Stefan Schantl started a complete rewrite which is faster, more efficient in resource usage and of course more reliable.
If you want to use Guardian, you will have to install the guardian add-on package.
This Core Update updates Snort to version 2.9.8.2.

Misc:

The IPFire web user interface is hardened against a potential environment variable injection attacked known under the name HTTPoxy. This was never possible to exploit in IPFire.
Dynamic DNS Updater
Add support for DuckDNS
Update URL for spdyn
OpenSSH has been updated to 7.3p1 which fixes various security issues
Updated packages: shadow 4.2.1, libarchive 3.2.1, libcap 2.25, acl 2.2.52, iputils s20160308, curl 7.49.1, popt 1.16, pcre 8.39, acpid 2.0.26, which 2.21, libtiff 4.0.6, ntp 4.2.8p8, wget 1.18
Correction of wrong spelled unit “bit”

Add-ons:

Updated:

htop 2.0.2
nano 2.6.1
nginx 1.8.1
p7zip fixes CVE-2016-2334, CVE-2016-2335

New packages:

Indepently from this Core Update, libvirt has been released as a new add-on. Read all about it on its IPFire Planet post.
freeradius, console configuration only

[close]

http://www.ipfire.org/download

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )

Offline SiLæncer

  • Cheff-Cubie
  • *****
  • Beiträge: 189183
  • Ohne Input kein Output
    • DVB-Cube
IPFire 2.19 Core 105
« Antwort #29 am: 28 September, 2016, 17:00 »
Whats new:>>

IPFire 2.19 Core Update 105 patches a number of security issues in two cryptographic libaries: openssl and libgcrypt. We recommend installing this update as soon as possible and reboot the IPFire system to complete the update.

http://www.ipfire.org/download

Arbeits.- Testrechner :

Intel® Core™ i7-6700 (4 x 3.40 GHz / 4.00 GHz)
16 GB (2 x 8 GB) DDR4 SDRAM 2133 MHz
250 GB SSD Samsung 750 EVO / 1 TB HDD
ZOTAC Geforce GTX 1080TI AMPExtreme Core Edition 11GB GDDR5
MSI Z170A PC Mate Mainboard
DVD-Brenner Laufwerk
Microsoft Windows 10 Home 64Bit

TT S2 3200 ( BDA Treiber 5.0.1.8 ) + Terratec Cinergy 1200 C ( BDA Treiber 4.8.3.1.8 )