IPFire 2.17 - Core Update 88 released
The IPFire Project
ipfire-announce at lists.ipfire.org
Fri Mar 20 10:33:57 CET 2015
This is the official release announcement of IPFire 2.17 – Core Update
88 which brings fixes for several security issues in OpenSSL only hours
after they have been made public.
The individual security issues fixed in this release are as follows:
CVE-2015-0204 RSA silently downgrades to EXPORT_RSA
CVE-2015-0286 Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 ASN.1 structure reuse memory corruption
CVE-2015-0289 PKCS7 NULL pointer dereferences
CVE-2015-0292 Base64 decode
CVE-2015-0293 DoS via reachable assert in SSLv2 servers
CVE-2015-0209 Use After Free following d2i_ECPrivatekey error
CVE-2015-0288 X509_to_X509_REQ NULL pointer deref
More information about all these vulnerabilities can be found at
We recommend installing this update as soon as possible and to reboot
the system afterwards.
In addition to openssl, the openssh package has been updated to version
6.8p1 as well.
We appreciate any kind of your support for our IPFire project. Please
donate , help us testing, write documentation or contribute yourself
in other ways.
More information about the IPFire-Announce