IPFire 2.15 - Core Update 86 released

The IPFire Project ipfire-announce at lists.ipfire.org
Sat Jan 24 18:26:34 CET 2015


This is the official release announcement of IPFire 2.15 – Core Update
86 which brings various security fixes across several packages. Hence we
recommend installing this update as soon as possible and to execute a
reboot afterwards.

Security vulnerabilities


The openssl library which implements the TLS/SSL protocol and is used by
various other packages in the system has been updated to version 1.0.1k.
This release fixes eight security issues that have all been classified
with “moderate” or less severity (CVE-2014-3571, CVE-2015-0206,
CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205,
CVE-2014-8275, CVE-2014-3570).


openvpn has been updated to version 2.3.6 which also fixes a security
vulnerability (CVE-2014-8104) which allowed remote authenticated users
to cause a denial of service.


strongswan has been updated to version 5.2.1 and we added a patch that
fixes CVE-2014-9221. Before that it was possible to crash the service
remotely with a custom DH key size.

Originally, Core Update 86 was planned to become IPFire 2.17. This
release has been postponed because we still require some people to send
us back their testing feedback, especially about updating the
bootloader. If you want to join the group of testers, that would help us
out a lot. If you want to support the project otherwise, please check
out the current fundings running on the IPFire wishlist [1].

-The IPFire Team

[1] http://wishlist.ipfire.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ipfire.org/pipermail/ipfire-announce/attachments/20150124/72af7246/attachment.sig>

More information about the IPFire-Announce mailing list