---

IPFire Open-Source Linux Firewall Now Patched Against SACK Panic Vulnerabilities

IPFire 2.23 Core Update 134 is here to address the recently discovered SACK Panic (CVE-2019-11477 and CVE-2019-11478) security vulnerabilities, affecting Linux kernel’s networking subsystem processed TCP Selective Acknowledgment (SACK) segments. These are serious flaws and could allow remote attackers to cause a so-called SACK Panic attack (denial of service). Among other changes include in this update, we can mention that the Captive Portal has been improved to show up after IPFire is restarted, the GCM cipher is now preferred over CBC for TLS connections, underscores are now supported for email addresses entered in the Web UI, and the French translation has been updated, as well as translates for various strings.