IPFire 2.15 - Core Update 81 released

The IPFire Project ipfire-announce at lists.ipfire.org
Fri Aug 8 17:47:53 CEST 2014


This is the official release announcement for IPFire 2.15 – Core Update
81 comes with fixes for nine security vulnerabilities in the OpenSSL
library and some other smaller bugfixes. We recommend to install this
update as soon as possible and reboot your systems.

OpenSSL 1.0.1i

Those OpenSSL security fixes are filed under CVE-2014-3508,
CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506,
CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, and CVE-2014-3512. They are
all in various protocols and parts of the library, but all of moderate


* The firewall has been extended to detect more types of port scans over
the TCP protocol and connections that are marked as invalid by the
connection tracking are from now on dropped. Some broken TCP/IP stacks
(how we find them in Android) caused that packets could get from the
internal networks to RED without being masqueraded.

* ddns – The new dynamic DNS updater
* * The logging if no update has been performed has been silenced and is
only visible in debugging mode. This was a request by users who use
flash drives and would like to preserve a long lifetime of those.
* * Using special characters like “%” in passwords is now possible to
* * Support for regfish.com has been fixed.

* lzo has been downgraded to version 2.06 because it did not work on ARM
any more. However, the security fix from the last core update has been

* OpenVPN: When creating a new roadwarrior connection, a required field
of the certificate form has not been validated correctly if no input was


* The tor addon has been updated to version with a fix that
users of the network cannot be de-anonymized easily.
* check_mk_agent has been added.

Thanks to everyone who has contributed to this update in any way. If you
like our project and want to support us we would be happy if you donate.

More information about the IPFire-Announce mailing list