IPFire 2.15 - Core Update 83 is available for testing

by Michael Tremer, September 27, 2014

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

Hello,

this is the testing announcement for IPFire 2.15 Core Update 83 which mainly provides a fix for several security issues in the GNU bash package also known as “ShellShock” and filed under CVE-2014-6271 and CVE-2014-7169.

ShellShock

It was possible to inject shell commands that were executed from the shell environment. For example:

env x='() { :;}; echo vulnerable' bash -c "echo test"

IPFire uses CGI scripts for its web user interface. Therefore it was possible for authenticated users to execute shell commands with non-root privileges and of course users that had access to the shell on command line.

Further information about this error can be found on:

Misc

  • squid – the Web Proxy – has been updated to version 3.4.7 due to various security and stability fixes
  • Several security and stability fixes have been added to glibc
  • The URL to detailed descriptions of the snort alerts has been updated
  • Various minor bug fixes.


We are looking forward to receive lots of feedback from you guys. We are going to release this update to all users as soon as possible, so please help us doing that!