The last Core Update has just been a week old, but it is now time for the next one.

This is to announce the release of Core Update 59, which comes with a lot of security fixes. Hence we recommend to update as soon as possible.

Security fixes:

  • openssl (0.9.8x) – which mainly fixes a DoS issue: CVE-2012-2333
  • php (5.3.13) – Fixes CVE-2012-2311. It was possible to add additionional parameters to a CGI call.
  • python (2.7.3) – which mainly fixes the hash table collision bug that has been around for some time. It also contains a lot of minor bugfixes for the language itself.

More updates:

  • The openssh server has been updates to version 6.0p1.
  • strongswan has been updated to 4.6.3, which is a minor bugfix release.

IPFire does not allow to set the MTU to 576 on RED. There are some cable modems around which a broken DHCP server that sets the MTU to 576. However, this causes a huge slowdown of the internet connection which does no longer exists anymore.

Sorry for bothering with two updates this week, but as you can see, the world is spining and we rather like to fix problems than waiting for exploits showing up. If you appreciate this, please donate.

Arne Fitzenreiter - May 18, 2012 at 10:15 am