From: The IPFire Project
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.17 - Core Update 97 released
Date: Fri, 29 Jan 2016 17:50:12 +0000

http://www.ipfire.org/news/ipfire-2-17-core-update-97-released

This is the official release announcement for IPFire 2.17 – Core Update 97. Another OpenSSL security fix has been released, which is shipped in this Core Update along with fixes for some other security vulnerabilities.

As this is a rather urgent update, we recommend installing it as soon as possible. We also recommend rebooting after the update has been installed.

OpenSSL security fixes – 1.0.2f

It is possible to exploit the Diffie-Hellman key exchange (CVE-2016-0701, [1]) and get hold of the server’s private exponent. With that, any future connections can be decrypted. Please check out the original security advisory for more details.

A second fix (CVE-2015-3197) in the OpenSSL library fixes the deactivation of some SSLv2 ciphers.

Another change will strengthen SSL connections against being taken over by a man-in-the-middle attack that tries to downgrade the length of the Diffie-Hellman key that is being used.

OpenSSH 7.1p2

An information leak (CVE-2016-0777) flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client.

The SSH daemon will be restarted during the update in case it is enabled.

Please help us to sustain the work on the IPFire Project with your donation [2].
[1] http://openssl.org/news/secadv/20160128.txt
[2] http://www.ipfire.org/donate
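
A post-update check, added here as an example and not part of the original announcement or IPFire's own tooling: it compares the versions reported by `openssl version` and `ssh -V` against the releases named above (1.0.2f and 7.1p2). The function names and the sample output lines are constructed for illustration, and a comparison of version strings assumes the installed packages carry no vendor backports.

```shell
#!/bin/sh
# Added example (not IPFire code): compare reported versions against the
# releases named in the announcement.
MIN_OPENSSL="1.0.2f"
MIN_OPENSSH="7.1p2"

# Build a zero-padded key that sorts correctly as a plain string.
# OpenSSL 1.x: numbers plus optional letters (none < a..z < za..).
# OpenSSH portable: numbers plus "pN".
version_key() {
    nums=${1%%[a-z]*}; suffix=${1#"$nums"}
    old_ifs=$IFS; IFS=.; set -- $nums; IFS=$old_ifs
    case $suffix in
        p[0-9]*) printf '%04d%04d%04d%04d\n' "${1:-0}" "${2:-0}" "${3:-0}" "${suffix#p}" ;;
        *)       printf '%04d%04d%04d%d%s\n' "${1:-0}" "${2:-0}" "${3:-0}" "${#suffix}" "$suffix" ;;
    esac
}

# version_ge HAVE WANT: succeeds when HAVE is at least WANT.
version_ge() {
    have=$(version_key "$1"); want=$(version_key "$2")
    [ "$(printf '%s\n%s\n' "$want" "$have" | LC_ALL=C sort | head -n 1)" = "$want" ]
}

# Pull the version token out of `openssl version` / `ssh -V` output.
openssl_version_of() { set -- $1; printf '%s\n' "${2%%-*}"; }
openssh_version_of() { v=${1#OpenSSH_}; printf '%s\n' "${v%%[, ]*}"; }

# check_core97 "<openssl version output>" "<ssh -V output>"
# Prints one line per component and returns non-zero if either is too old.
check_core97() {
    rc=0
    ov=$(openssl_version_of "$1"); sv=$(openssh_version_of "$2")
    if version_ge "$ov" "$MIN_OPENSSL"; then echo "OK  OpenSSL $ov"
    else echo "OLD OpenSSL $ov (older than $MIN_OPENSSL)"; rc=1; fi
    if version_ge "$sv" "$MIN_OPENSSH"; then echo "OK  OpenSSH $sv"
    else echo "OLD OpenSSH $sv (older than $MIN_OPENSSH)"; rc=1; fi
    return $rc
}

# Constructed sample output, so the script runs offline.
check_core97 "OpenSSL 1.0.2e 3 Dec 2015" "OpenSSH_7.1p1, OpenSSL 1.0.2e 3 Dec 2015" || true
check_core97 "OpenSSL 1.0.2f  28 Jan 2016" "OpenSSH_7.1p2, OpenSSL 1.0.2f  28 Jan 2016"
# On a live system: check_core97 "$(openssl version)" "$(ssh -V 2>&1)"
```

Because the announcement recommends a reboot, run the check after rebooting; long-running services started before the update may still have the old library loaded.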