IPFire 2.17 – Core Update 91 v2 has been pushed to the testing tree a couple of minutes ago. We are planning to release this version of IPFire in the next 24 hours as it comes with important security fixes for the OpenSSL library. Please help us testing this release.
OpenSSL security vulnerabilities
There are six security vulnerabilities that are fixed in version 1.0.2b of openssl.
Among these are fixes for the Logjam vulnerability and others that are filed under CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, and CVE-2014-8176.
Short after uploading core91 into testing the OpenSSL team has released another hotfix update for an ABI brackage so we are forced to rebuild the update again. If you have installed core91 early check the OpenSSL version. If this is older than 1.0.2c install the core update again by reseting /opt/pakfire/db/core/mine to 90 and restart upgrade. (This ABI breack is the reason for hostapd fails and maybee more problems)
StrongSwan IPsec security vulnerability
In strongswan 5.3.1, a security vulnerability that is filed under CVE-2015-3991was fixed. A denial-of-service and potential code execution was possible with specially crafted IKE messages.
Other package updates
A number of other packages have been updated: libnet 1.16, libxml2 2.9.2, libxslt 1.1.28, newt 0.52.19, slang 2.3.0, pcre 8.37
- The P2P block feature is now disabled by default on new installations. There are many false-positive cases and the usage of P2P networks has declined in the past so that we do not consider this a good default setting any longer. Existing installations remain unchanged.
- DHCP Server: The list of static leases is now searchable. Static leases created from the list of dynamic leases are now added and the user menu will allow editing the new entry right away.