This is the official release announcement for IPFire 2.19 – Core Update 105 which patches a number of security issues in two cryptographic libaries:
libgcrypt. We recommend installing this update as soon as possible and reboot the IPFire system to complete the update.
IPFire is now shipping
openssl in version 1.0.2i which patches all of the above security vulnerabilities.
Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt’s random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions and is filed under CVE-2016-6316.
We are currently crowdfunding a Captive Portal for IPFire and would like you to ask to check it out and support us!
Please help us to support the work on IPFire Project with your donation.
Published by Michael Tremer, September 23, 2016 at 4:30 pm