IPFire 2.17 - Core Update 99

The IPFire Project ipfire-announce at lists.ipfire.org
Sat Mar 5 13:31:30 CET 2016


This is the official release announcement for IPFire 2.17 – Core Update
99. Another OpenSSL security fix has been released, so that we created
this Core Update that fixes that among some other security

OpenSSL security fixes – 1.0.2g

Please check out the original security advisory [1] for more details.

* Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
* Double-free in DSA code (CVE-2016-0705)
* Memory leak in SRP database lookups (CVE-2016-0798)
* BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
* Fix memory issues in BIO_*printf functions (CVE-2016-0799)
* Side channel attack on modular exponentiation (CVE-2016-0702)
* Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
* Bleichenbacher oracle in SSLv2 (CVE-2016-0704)

IPFire is most likely not vulnerable by the most famous of all these
vulnerabilities known as DROWN. However we recommend updating as soon
as possible and we also recommend to reboot the system afterwards.

OpenSSH 7.2p1

This is primarily a bugfix release [2].

The SSH daemon will be restarted during the update in case it
is enabled.

We are currently crowdfunding a Captive Portal for IPFire [3] and would
like you to ask to check it out and support us! 

Please help us to sustain the work on IPFire Project with your donation

[1] http://openssl.org/news/secadv/20160301.txt
[2] http://www.openssh.com/txt/release-7.2
[3] http://wishlist.ipfire.org/wish/the-ipfire-captive-portal
[4] http://www.ipfire.org/donate

More information about the IPFire-Announce mailing list