IPFire 2.13 - Core Update 76 released

by Michael Tremer, April 16, 2014

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

Hello community,

this is the official release announcement for IPFire 2.13 – Core Update 76. It comes with a security fix for the strongswan package which is responsible for IPsec VPN connections. The vulnerability has got the number CVE-2014-2338. It was possible to bypass the authentication and therefore to overtake a VPN connection whilst the original peers are rekeying. IKEv1 connections are not vulnerable, but IKEv2. Check out the blog post by the strongswan team.

Please update as soon as possible.

I would also like to draw your attention towards the upcoming release of IPFire 2.15. The first release candidate has been released a couple of weeks ago and we are searching for testers to find any last-minute bugs. We are also already thinking about the releases past that and raising funds to implement Single Sign-On Authentication for the Web proxy against Windows Active Directory. So please check this out, too. Your support is very much appreciated!