Michael Tremer

IPFire 2.17 - Core Update 92 is available for testing
by Michael Tremer, July 9, 2015

IPFire 2.17 – Core Update 92 has been pushed to the testing tree a couple of minutes ago. We are planning to release this version of IPFire as soon as possible as it contains important security fixes for the OpenSSL library and the squid web proxy server. Please help us testing this release.

Security Fixes

openssl 1.0.2d

The openssl package has been updated to version 1.0.2d because of a high severity security fix filed under CVE-2015-1793.

During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

More information can be found in the security advisory.

Squid Advisory SQUID-2015:2

This update comes with a patched version of squid to fix SQUID-2015:2.

Updated packages

conntrack-tools 1.4.2, curl 7.43.0, dnsmasq 2.73, libgcrypt 1.63, libgpg-error 1.18, libnfnetlink 1.0.1, libnetfilter_conntrack 1.0.4, libnetfilter_queue 1.0.2, libnetfilter_cthelper (new package), libpcap 1.7.3, libusb 1.0.19 (replaces libusbx), python 2.7.10, rrdtool 1.5.3

Updated add-ons

7zip 9.38.1, asterisk 11.18.0, git 2.4.4 (and perl modules for git send-email: perl-Net-SMTP-SSL, perl-MIME-Base64, perl-Authen-SASL), keepalived 1.2.17, libassuan 2.2.0, nano 2.4.1, powertop 2.7, tcpdump 4.7.4, tor 0.2.6.9

Misc


Posted: July 9, 2015 • 1638 views