From: The IPFire Project <ipfire-announce@lists.ipfire.org>
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.17 - Core Update 91 released
Date: Sat, 13 Jun 2015 16:35:24 +0200 [thread overview]
Message-ID: <mailman.64.1434206424.20702.ipfire-announce@lists.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 1950 bytes --]
http://www.ipfire.org/news/ipfire-2-17-core-update-91-released
This is the official release announcement for IPFire 2.17 – Core Update
91. This update comes with various security fixes – most notably fixes
for six security vulnerabilities in the OpenSSL library and two more
vulnerabilities in strongSwan.
OpenSSL security vulnerabilities
There are six security vulnerabilities [1] that are fixed in version
1.0.2b of openssl. This version contained an ABI breakage bug that
required us to wait for a fix for that and rebuild this Core Update.
Among these are fixes for the Logjam vulnerability and others that are
filed under CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792,
CVE-2015-1791, and CVE-2014-8176.
StrongSwan IPsec security vulnerability
In strongSwan 5.3.1, a security vulnerability that is filed under
CVE-2015-3991 was fixed. A denial-of-service and potential code
execution was possible with specially crafted IKE messages.
IPFire ships now version 5.3.2 which fixes an second vulnerability
(CVE-2015-4171).
Other package updates
A number of other packages have been updated: libnet 1.16, libxml2
2.9.2, libxslt 1.1.28, newt 0.52.19, slang 2.3.0, pcre 8.37
Minor changes
* The P2P block feature is now disabled by default on new installations.
There are many false-positive cases and the usage of P2P networks has
declined in the past so that we do not consider this a good default
setting any longer. Existing installations remain unchanged.
* DHCP Server: The list of static leases is now searchable. Static
leases created from the list of dynamic leases are now added and the
user menu will allow editing the new entry right away.
We strongly recommend to install this update as soon as possible and
reboot the system afterwards.
Please do not forget to donate [2] if you want to support the IPFire
project.
[1] http://openssl.org/news/secadv_20150611.txt
[2] http://www.ipfire.org/donate
reply other threads:[~2015-06-13 14:35 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mailman.64.1434206424.20702.ipfire-announce@lists.ipfire.org \
--to=ipfire-announce@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox