IPFire 2.17 - Core Update 98 released

The IPFire Project ipfire-announce at lists.ipfire.org
Tue Feb 23 00:39:20 CET 2016


http://www.ipfire.org/news/ipfire-2-17-core-update-98-released

Due to a recently discovered security vulnerability in glibc, we are
releasing this Core Update that contains a fix for CVE-2015-7547.


CVE-2015-7547 in glibc/getaddrinfo

The getaddrinfo() interface is glibc, the system’s main C library, is
used to resolve names into IP addresses using DNS. An attacker can
exploit the process in the system performing this request by sending a
forged reply that is too long causing a stack buffer overflow. Code can
potentially be injected and executed.

IPFire is however not directly exploitable by this vulnerability as it
is using a DNS proxy, that rejects DNS responses that are too long. So
IPFire itself and all systems on the network that use IPFire as DNS
proxy are protected by the DNS proxy. However, we decided to push out a
patch for this vulnerability as quickly as we can.

Please reboot the system after installing the update.

----

I would also like to invite you all to support our latest crowd-funding 
campaign to fund development of a Captive Portal for IPFire:

  http://wishlist.ipfire.org/wish/the-ipfire-captive-portal

Otherwise you can of course donate using the usual ways:

  http://www.ipfire.org/donate


More information about the IPFire-Announce mailing list