From: The IPFire Project <ipfire-announce@lists.ipfire.org>
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.17 - Core Update 92
Date: Tue, 14 Jul 2015 21:56:43 +0200 [thread overview]
Message-ID: <mailman.28.1436903825.3957.ipfire-announce@lists.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2189 bytes --]
http://www.ipfire.org/news/ipfire-2-17-core-update-92-released
This is the official release announcement for IPFire 2.17 – Core Update
92. This update comes with various security fixes for the OpenSSL
library and the squid web proxy server.
Security Fixes
openssl 1.0.2d
The openssl package has been updated to version 1.0.2d because of a
high severity security fix filed under CVE-2015-1793.
During certificate verification, OpenSSL (starting from version 1.0.1n
and 1.0.2b) will attempt to find an alternative certificate chain if
the first attempt to build such a chain fails. An error in the
implementation of this logic can mean that an attacker could cause
certain checks on untrusted certificates to be bypassed, such as the CA
flag, enabling them to use a valid leaf certificate to act as a CA and
"issue" an invalid certificate.
More information can be found in the security advisory [1].
Squid Advisory SQUID-2015:2
This update comes with a patched version of squid to fix SQUID-2015:2.
Updated packages
conntrack-tools 1.4.2, curl 7.43.0, dnsmasq 2.73, libgcrypt 1.63,
libgpg-error 1.18, libnfnetlink 1.0.1, libnetfilter_conntrack 1.0.4,
libnetfilter_queue 1.0.2, libnetfilter_cthelper (new package), libpcap
1.7.3, libusb 1.0.19 (replaces libusbx), python 2.7.10, rrdtool 1.5.3
Updated add-ons
7zip 9.38.1, asterisk 11.18.0, git 2.4.4 (and perl modules for git send
-email: perl-Net-SMTP-SSL, perl-MIME-Base64, perl-Authen-SASL),
keepalived 1.2.17, libassuan 2.2.0, nano 2.4.1, powertop 2.7, tcpdump
4.7.4, tor 0.2.6.9
Misc
* ipsec: Allow selection of ESP group type (#10860 [3])
* webaccess.cgi: Fix loading language
* connections.cgi: Fix broken NAT rules when there is an empty
destination IP address
* url-filter: Use upstream proxy when downloading blacklists
You can support this project by getting involved [4] into development,
writing documentation, support fellow IPFire users or with your
donation.
[1] https://www.openssl.org/news/secadv_20150709.txt
[2] http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
[3] https://bugzilla.ipfire.org/show_bug.cgi?id=10860
[4] http://www.ipfire.org/getinvolved
[5] http://www.ipfire.org/donate
reply other threads:[~2015-07-14 19:56 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mailman.28.1436903825.3957.ipfire-announce@lists.ipfire.org \
--to=ipfire-announce@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox