public inbox for ipfire-announce@lists.ipfire.org
 help / color / mirror / Atom feed
From: The IPFire Project <ipfire-announce@lists.ipfire.org>
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.17 - Core Update 88 released
Date: Fri, 20 Mar 2015 10:33:57 +0100	[thread overview]
Message-ID: <mailman.147.1426844139.943.ipfire-announce@lists.ipfire.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 1230 bytes --]

http://www.ipfire.org/news/ipfire-2-17-core-update-88-released

This is the official release announcement of IPFire 2.17 – Core Update
88 which brings fixes for several security issues in OpenSSL only hours
after they have been made public.

The individual security issues fixed in this release are as follows:

    CVE-2015-0204 RSA silently downgrades to EXPORT_RSA
    CVE-2015-0286 Segmentation fault in ASN1_TYPE_cmp
    CVE-2015-0287 ASN.1 structure reuse memory corruption
    CVE-2015-0289 PKCS7 NULL pointer dereferences
    CVE-2015-0292 Base64 decode
    CVE-2015-0293 DoS via reachable assert in SSLv2 servers
    CVE-2015-0209 Use After Free following d2i_ECPrivatekey error
    CVE-2015-0288 X509_to_X509_REQ NULL pointer deref

More information about all these vulnerabilities can be found at
http://openssl.org/news/secadv_20150319.txt.

We recommend installing this update as soon as possible and to reboot
the system afterwards.

In addition to openssl, the openssh package has been updated to version
6.8p1 as well.

We appreciate any kind of your support for our IPFire project. Please
donate [1], help us testing, write documentation or contribute yourself
in other ways.

[1] http://www.ipfire.org/donate


                 reply	other threads:[~2015-03-20  9:33 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=mailman.147.1426844139.943.ipfire-announce@lists.ipfire.org \
    --to=ipfire-announce@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox