http://www.ipfire.org/news/ipfire-2-15-core-update-86-released

This is the official release announcement of IPFire 2.15 – Core Update
86 which brings various security fixes across several packages. Hence we
recommend installing this update as soon as possible and to execute a
reboot afterwards.


Security vulnerabilities

openssl

The openssl library which implements the TLS/SSL protocol and is used by
various other packages in the system has been updated to version 1.0.1k.
This release fixes eight security issues that have all been classified
with “moderate” or less severity (CVE-2014-3571, CVE-2015-0206,
CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205,
CVE-2014-8275, CVE-2014-3570).


openvpn

openvpn has been updated to version 2.3.6 which also fixes a security
vulnerability (CVE-2014-8104) which allowed remote authenticated users
to cause a denial of service.


strongswan

strongswan has been updated to version 5.2.1 and we added a patch that
fixes CVE-2014-9221. Before that it was possible to crash the service
remotely with a custom DH key size.

Originally, Core Update 86 was planned to become IPFire 2.17. This
release has been postponed because we still require some people to send
us back their testing feedback, especially about updating the
bootloader. If you want to join the group of testers, that would help us
out a lot. If you want to support the project otherwise, please check
out the current fundings running on the IPFire wishlist [1].

Sincerely,
-The IPFire Team

[1] http://wishlist.ipfire.org/