* IPFire 2.17 - Core Update 88 released
@ 2015-03-20 9:33 The IPFire Project
0 siblings, 0 replies; only message in thread
From: The IPFire Project @ 2015-03-20 9:33 UTC (permalink / raw)
To: ipfire-announce
[-- Attachment #1: Type: text/plain, Size: 1230 bytes --]
http://www.ipfire.org/news/ipfire-2-17-core-update-88-released
This is the official release announcement of IPFire 2.17 – Core Update
88 which brings fixes for several security issues in OpenSSL only hours
after they have been made public.
The individual security issues fixed in this release are as follows:
CVE-2015-0204 RSA silently downgrades to EXPORT_RSA
CVE-2015-0286 Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 ASN.1 structure reuse memory corruption
CVE-2015-0289 PKCS7 NULL pointer dereferences
CVE-2015-0292 Base64 decode
CVE-2015-0293 DoS via reachable assert in SSLv2 servers
CVE-2015-0209 Use After Free following d2i_ECPrivatekey error
CVE-2015-0288 X509_to_X509_REQ NULL pointer deref
More information about all these vulnerabilities can be found at
http://openssl.org/news/secadv_20150319.txt.
We recommend installing this update as soon as possible and to reboot
the system afterwards.
In addition to openssl, the openssh package has been updated to version
6.8p1 as well.
We appreciate any kind of your support for our IPFire project. Please
donate [1], help us testing, write documentation or contribute yourself
in other ways.
[1] http://www.ipfire.org/donate
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-03-20 9:33 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-03-20 9:33 IPFire 2.17 - Core Update 88 released The IPFire Project
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox