IPFire 2.13 Core Update 76 released

The IPFire Project ipfire-announce at lists.ipfire.org
Wed Apr 16 12:08:56 CEST 2014


Hello community,

this is the official release announcement for *IPFire 2.13 - Core Update
76*. It comes with a security fix for the strongswan package which is
responsible for IPsec VPN connections. The vulnerability has got the
number CVE-2014-2338 [1]. It was possible to bypass the authentication
and therefore to overtake a VPN connection whilst the original peers are
rekeying. IKEv1 connections are not vulnerable, but IKEv2. Check out the
blog post by the strongswan team [2].

Please update as soon as possible.

I would also like to draw your attention towards the upcoming release of
IPFire 2.15. The first release candidate has been released a couple of
weeks ago and we are searching for testers [3] to find any last-minute
bugs. We are also already thinking about the releases past that and
raising funds to implement Single Sign-On Authentication for the Web
proxy against Windows Active Directory [4] So please check this out,
too. Your support is very much appreciated!

[1] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2338
[2] http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html
[3] http://planet.ipfire.org/post/ipfire-2-15-rc1-firewall-test-day-release-schedule
[4] http://wishlist.ipfire.org/wish/windows-active-directory-single-sign-on-for-web-proxy

More information about the IPFire-Announce mailing list