This is the official release announcement for IPFire 2.17 – Core Update 91. This update comes with various security fixes – most notably fixes for six security vulnerabilities in the OpenSSL library and two more vulnerabilities in strongSwan.
There are six security vulnerabilities that are fixed in version 1.0.2b of openssl. This version contained an ABI breakage bug that required us to wait for a fix for that and rebuild this Core Update.
Among these are fixes for the Logjam vulnerability and others that are filed under CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, and CVE-2014-8176.
In strongSwan 5.3.1, a security vulnerability that is filed under CVE-2015-3991 was fixed. A denial-of-service and potential code execution was possible with specially crafted IKE messages.
IPFire ships now version 5.3.2 which fixes an second vulnerability (CVE-2015-4171).
A number of other packages have been updated: libnet 1.16, libxml2 2.9.2, libxslt 1.1.28, newt 0.52.19, slang 2.3.0, pcre 8.37
We strongly recommend to install this update as soon as possible and reboot the system afterwards.
Please do not forget to donate if you want to support the IPFire project.
Published by Michael Tremer, June 13, 2015 at 2:30 pm