IPFire 2.17 - Core Update 97 released

The IPFire Project ipfire-announce at lists.ipfire.org
Fri Jan 29 18:50:12 CET 2016


This is the official release announcement for IPFire 2.17 – Core Update
97. An other OpenSSL security fix has been released, which is shipped
in this Core Update among some other security vulnerabilities. As this
is a rather urgent update, we recommend to install it as soon as
possible. We also recommend rebooting after the update has been

OpenSSL security fixes – 1.0.2f

It is possible to exploit the Diffie-Hellman key exchange (CVE-2016-
0701, [1])and get hold of the server’s private exponent. With that any
future connections can be decrypted. Please check out the original
security advisory for more details.

A second fix (CVE-2015-3197) in the OpenSSL library fixes the
deactivation of some SSLv2 ciphers.

An other change will strengthen SSL connections against being taken
over by a man-in-the-middle attack that tries to downgrade the length
of the Diffie-Hellman key that is being used.

OpenSSH 7.1p2

An information leak (CVE-2016-0777) flaw was found in the way the
OpenSSH client roaming feature was implemented. A malicious server
could potentially use this flaw to leak portions of memory (possibly
including private SSH keys) of a successfully authenticated OpenSSH

The SSH daemon will be restarted during the update in case it is

  Please help us to sustain the work on IPFire Project
    with your donation [2].

[1] http://openssl.org/news/secadv/20160128.txt
[2] http://www.ipfire.org/donate
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ipfire.org/pipermail/ipfire-announce/attachments/20160129/16aae77f/attachment.sig>

More information about the IPFire-Announce mailing list