This is the official release announcement of IPFire 2.15 – Core Update 86 which brings various security fixes across several packages. Hence we recommend installing this update as soon as possible and to execute a reboot afterwards.
openssl library which implements the TLS/SSL protocol and is used by various other packages in the system has been updated to version 1.0.1k. This release fixes eight security issues that have all been classified with “moderate” or less severity (CVE-2014-3571,
CVE-2015-0206, CVE-2014-3569, CVE-2014-3572, CVE-2015-0204, CVE-2015-0205,
openvpn has been updated to version 2.3.6 which also fixes a security vulnerability (CVE-2014-8104) which allowed remote authenticated users to cause a denial of service.
strongswan has been updated to version 5.2.1 and we added a patch that fixes CVE-2014-9221. Before that it was possible to crash the service remotely with a custom DH key size.
Originally, Core Update 86 was planned to become IPFire 2.17. This release has been postponed because we still require some people to send us back their testing feedback, especially about updating the bootloader. If you want to join the group of testers, that would help us out a lot. If you want to support the project otherwise, please check out the current fundings running on the IPFire wishlist.