IPFire 2.17 - Core Update 99
The IPFire Project
ipfire-announce at lists.ipfire.org
Sat Mar 5 13:31:30 CET 2016
This is the official release announcement for IPFire 2.17 – Core Update
99. Another OpenSSL security fix has been released, so that we created
this Core Update that fixes that among some other security
OpenSSL security fixes – 1.0.2g
Please check out the original security advisory  for more details.
* Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
* Double-free in DSA code (CVE-2016-0705)
* Memory leak in SRP database lookups (CVE-2016-0798)
* BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
* Fix memory issues in BIO_*printf functions (CVE-2016-0799)
* Side channel attack on modular exponentiation (CVE-2016-0702)
* Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
* Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
IPFire is most likely not vulnerable by the most famous of all these
vulnerabilities known as DROWN. However we recommend updating as soon
as possible and we also recommend to reboot the system afterwards.
This is primarily a bugfix release .
The SSH daemon will be restarted during the update in case it
We are currently crowdfunding a Captive Portal for IPFire  and would
like you to ask to check it out and support us!
Please help us to sustain the work on IPFire Project with your donation
More information about the IPFire-Announce