IPFire 2.15 - Core Update 85 released

[The IPFire Project <ipfire-announce@lists.ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 1432 bytes --]

http://www.ipfire.org/news/ipfire-2-15-core-update-85-released

This is the official release announcement for IPFire 2.15 – Core Update
85. It comes with security fixes for the SSL issue known as POODLE,
which was recently discovered.


POODLE (CVE-2014-3566)

As there is no fix for POODLE, the OpenSSL developers applied a
workaround called “Signaling Cipher Suite Value” (SCSV) that prevents
protocol downgrade attacks (the downgrade dance) on the TLS protocol.
More information about this mechanism can be found in the IETF draft [1]
and more about POODLE can be found in the POODLE whitepaper [2].

As a precaution we disabled SSL 3.0 for the web administration
interface. Accessing that will require you to use a recent browser and
operating system that is able to use TLS 1.0 or a more recent version.
We already made some experiences with this as our web and mail servers
do not allow to use SSL 3.0 since a couple of weeks and there were
absolutely no reports from people who are not able to access our
websites.

We recommend to install this update as soon as possible. After doing so,
your system will need to reboot.

Please support the IPFire project with your donation [3]. Your help is a
foundation of this project and very much appreciated by all
contributors.


[1] https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
[2] https://www.openssl.org/~bodo/ssl-poodle.pdf
[3] http://www.ipfire.org/donate

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]