IPFire 2.29 - Core Update 193 released

IPFire has announced the release of its latest version, IPFire 2.29 - Core Update 193, which introduces significant advancements in its security and functionality. A key feature of this update is the support for post-quantum cryptography in IPsec tunnels, utilizing the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) to ensure secure key exchanges resistant to potential quantum computer attacks. Alongside this, the default cipher selection for newly established tunnels has been updated to favor AES-256 in GCM or CBC modes, or ChaCha20-Poly1305, while eliminating AES-128 due to its weaker security profile.

This update also includes a major overhaul of the core toolchain, integrating glibc version 2.41 and Binutils version 2.44, which are essential for optimizing code to leverage the latest hardware advancements. Additionally, several security vulnerabilities related to Intel products have been addressed, alongside fixes for various bugs, including a serial number error affecting IPsec certificate renewals.

Further updates include the removal of the outdated Botnet C2 blocklist from abuse.ch, enhancements to the firmware archive, and contributions from community members such as aesthetic improvements to the Firewall Groups page and the addition of DNS-over-TLS as a default service.

The release also sees updates across a wide array of components, ensuring that the overall IPFire experience remains modern, secure, and efficient. The IPFire team encourages users to install this update promptly to take advantage of the enhancements and security fixes.

In summary, IPFire 2.29 - Core Update 193 represents a substantial step forward in ensuring the security and efficiency of the platform, particularly with the introduction of post-quantum cryptography, which prepares IPFire for future challenges in cybersecurity. The team expresses gratitude to all contributors and encourages continued support to maintain the project's growth and stability.

IPFire 2.29 - Core Update 193 has been released, adding support for post-quantum cryptography in IPsec tunnels along with a substantial update to the core toolchain. This update is part of our continuous efforts to keep IPFire secure, modern, and efficient. IPsec tunnels can now perform key exchanges using the post-quantum Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), which is safe from attacks by those using quantum computers. Modern cryptography is used whenever feasible, while IPFire remains compatible with legacy solutions from various vendors. The default cipher selection for newly established tunnels has been revised to AES-256 in either GCM or CBC mode, or ChaCha20-Poly1305.

The toolchain update brings new versions of glibc and Binutils, essential components of the operating system, so that IPFire is built with the most efficient code that leverages the latest hardware capabilities. Other changes include removing the old Botnet C2 blocklist from abuse.ch, improving the collection of firmware and microcode, fixing security issues covered by INTEL-SA-01166, INTEL-SA-01139, INTEL-SA-01228, and INTEL-SA-01194, and correcting a bug with an incorrect serial number that affected IPsec certificate renewals.

IPFire 2.29 - Core Update 193 released @ Linux Compatible