This is the official release announcement for IPFire 2.15 – Core Update 81 comes with fixes for nine security vulnerabilities in the OpenSSL library and some other smaller bugfixes. We recommend to install this update as soon as possible and reboot your systems.

OpenSSL 1.0.1i

Those OpenSSL security fixes are filed under CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, and CVE-2014-3512. They are all in various protocols and parts of the library, but all of moderate severity.

Misc

  • The firewall has been extended to detect more types of port scans over the TCP protocol and connections that are marked as invalid by the connection tracking are from now on dropped. Some broken TCP/IP stacks (how we find them in Android) caused that packets could get from the internal networks to RED without being masqueraded.
  • ddns – The new dynamic DNS updater
    • The logging if no update has been performed has been silenced and is only visible in debugging mode. This was a request by users who use flash drives and would like to preserve a long lifetime of those.
    • Using special characters like “%” in passwords is now possible to use.
    • Support for regfish.com has been fixed.
  • lzo has been downgraded to version 2.06 because it did not work on ARM any more. However, the security fix from the last core update has been backported.
  • OpenVPN: When creating a new roadwarrior connection, a required field of the certificate form has not been validated correctly if no input was given.

Add-ons

  • The tor addon has been updated to version 0.2.4.23 with a fix that users of the network cannot be de-anonymized easily.
  • check_mk_agent has been added.


Thanks to everyone who has contributed to this update in any way. If you like our project and want to support us we would be happy if you donate.


Published by Michael Tremer, August 8, 2014 at 3:45 pm