IPFire 2.19 - Core update 101 released

IPFire project announced availability of IPFire 2.19 - Core update 101, latest update for distributions current stable branch. IPFire is an open source firewall distribution that is designed to be modular and highly customizable to match with requirements of a wide range of users.

As usual, new update pack of IPFire 2.19 is also coming with several bug fixes. These bug fixes includes cross site scripting vulnerability fix and fix for remote code execution vulnerability in IPFire web interface.

Yann Cam, an independent security researcher, discovered to vulnerabilities in the IPFire Web User interface that could be used in some circumstances. In the ipinfo.cgi file, a cross-site scripting attack could be executed on logged in users and in two more CGI files (proxy.cgi and chpasswd.cgi), a remote code execution vulnerability was found which allowed attackers to use the aforementioned cross-site scripting attack to execute shell commands as an unprivileged user on the IPFire system.

These attacks are only possible to perform on an admin’s computer and only in that instance when the administrator is logged in to the web user interface. Of course we recommend to install this update as soon as possible to close these vulnerabilities.
For more information, see original release announcement published by IPFire team.

Share this