IPFire 2.17 - Core Update 88 released

The IPFire Project ipfire-announce at lists.ipfire.org
Fri Mar 20 10:33:57 CET 2015


http://www.ipfire.org/news/ipfire-2-17-core-update-88-released

This is the official release announcement of IPFire 2.17 – Core Update
88 which brings fixes for several security issues in OpenSSL only hours
after they have been made public.

The individual security issues fixed in this release are as follows:

    CVE-2015-0204 RSA silently downgrades to EXPORT_RSA
    CVE-2015-0286 Segmentation fault in ASN1_TYPE_cmp
    CVE-2015-0287 ASN.1 structure reuse memory corruption
    CVE-2015-0289 PKCS7 NULL pointer dereferences
    CVE-2015-0292 Base64 decode
    CVE-2015-0293 DoS via reachable assert in SSLv2 servers
    CVE-2015-0209 Use After Free following d2i_ECPrivatekey error
    CVE-2015-0288 X509_to_X509_REQ NULL pointer deref

More information about all these vulnerabilities can be found at
http://openssl.org/news/secadv_20150319.txt.

We recommend installing this update as soon as possible and to reboot
the system afterwards.

In addition to openssl, the openssh package has been updated to version
6.8p1 as well.

We appreciate any kind of your support for our IPFire project. Please
donate [1], help us testing, write documentation or contribute yourself
in other ways.

[1] http://www.ipfire.org/donate



More information about the IPFire-Announce mailing list