IPFire 2.15 - Core Update 85 released

The IPFire Project ipfire-announce at lists.ipfire.org
Sun Oct 19 18:03:45 CEST 2014


http://www.ipfire.org/news/ipfire-2-15-core-update-85-released

This is the official release announcement for IPFire 2.15 – Core Update
85. It comes with security fixes for the SSL issue known as POODLE,
which was recently discovered.


POODLE (CVE-2014-3566)

As there is no fix for POODLE, the OpenSSL developers applied a
workaround called “Signaling Cipher Suite Value” (SCSV) that prevents
protocol downgrade attacks (the downgrade dance) on the TLS protocol.
More information about this mechanism can be found in the IETF draft [1]
and more about POODLE can be found in the POODLE whitepaper [2].

As a precaution we disabled SSL 3.0 for the web administration
interface. Accessing that will require you to use a recent browser and
operating system that is able to use TLS 1.0 or a more recent version.
We already made some experiences with this as our web and mail servers
do not allow to use SSL 3.0 since a couple of weeks and there were
absolutely no reports from people who are not able to access our
websites.

We recommend to install this update as soon as possible. After doing so,
your system will need to reboot.

Please support the IPFire project with your donation [3]. Your help is a
foundation of this project and very much appreciated by all
contributors.


[1] https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
[2] https://www.openssl.org/~bodo/ssl-poodle.pdf
[3] http://www.ipfire.org/donate
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ipfire.org/pipermail/ipfire-announce/attachments/20141019/27b5d76a/attachment.sig>


More information about the IPFire-Announce mailing list