With the last Core Update just being released a few days ago, it is time for the next one already. IPFire 2.19 – Core Update 105 patches a number of security issues in two cryptographic libaries: openssl and libgcrypt

OpenSSL Security Fixes

IPFire is now shipping openssl in version 1.0.2i which patches all of the above security vulnerabilities.

libgcrypt Security Flaws

Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt’s random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions and is filed under CVE-2016-6316.

As always, we would like to encourage you to help us testing this release and we would like to roll it out to everyone as soon as possible.