View Full Version : IPFire 2.27 - Core Update 178 is available for testing

01-11-2024, 07:43 AM
The next Core Update is available for testing: IPFire 2.27 - Core Update 178 which includes kernel and microcode fixes to mitigate vulnerabilities in Intel and AMD processors.
Downfall (https://downfall.page/media/downfall.pdf) attacks target a critical weakness found in billions of modern processors used in personal and cloud computers. This vulnerability, identified as CVE-2022-40982 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40982), enables a user to access and steal data from other users who share the same computer. For instance, a malicious app obtained from an app store could use the Downfall attack to steal sensitive information like passwords, encryption keys, and private data such as banking details, personal emails, and messages. Similarly, in cloud computing environments, a malicious customer could exploit the Downfall vulnerability to steal data and credentials from other customers who share the same cloud computer.
Inception (https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf) (CVE-2023-20569 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-20569)) is a novel transient execution attack that leaks arbitrary data on all AMD Zen CPUs in the presence of all previously deployed software- and hardware mitigations. As in the movie of the same name, Inception plants an “idea” in the CPU while it is in a sense “dreaming”, to make it take wrong actions based on supposedly self conceived experiences. Using this approach, Inception hijacks the transient control-flow of return instructions on all AMD Zen CPUs.
Phantom (https://comsec.ethz.ch/wp-content/files/phantom_micro23.pdf) (CVE-2022-23825 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-23825)) enables an attacker to create a transient window at arbitrary instructions. Suddenly, a seemingly harmless XOR instruction can behave like a call instruction, and allow the attacker to create a transient window.
Hyper-VDue to a bug in Hyper-V, the IPFire Kernel in Core Update 177 was unable to boot. This has been fixed in a workaround.
How is IPFire affected?IPFire is not directly affected by any of these attacks as the firewall never executes untrusted code. All programs on IPFire come from our package management system which signs all updates. However, it might be possible for an attacker to inject any code remotely by some undiscovered vulnerability and using these CPU vulnerabilities might allow the attacker to create more damage. Therefore, we recommend to install this update as soon as possible and to reboot your firewall.
This update has been added into the regular release cycle of IPFire. A previous version of Core Update 178 has been moved to 179 and users who installed the previous update from the unstable tree should reinstall this update once again to receive all fixes.

More... (https://www.ipfire.org/blog/ipfire-2-27-core-update-178-is-available-for-testing)