The IPFire team announced release of IPFire 2.17 - Core Update 99, latest update of open source, modular, customizable firewall distribution.
This release of IPFire includes an OpenSSL fix, and also several other vulnerability fixes. Though IPFire is not vulnerable by most of the common attacks, the team recommends to stay updated with latest release packages.
According to official release announcement, following are some vulnerabilities fixed in this release.
Download IPFire 2.17 - Core Update 99
This release of IPFire includes an OpenSSL fix, and also several other vulnerability fixes. Though IPFire is not vulnerable by most of the common attacks, the team recommends to stay updated with latest release packages.
According to official release announcement, following are some vulnerabilities fixed in this release.
Read complete release announcement in IPFire blog.
- Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
- Double-free in DSA code (CVE-2016-0705)
- Memory leak in SRP database lookups (CVE-2016-0798)
- BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
- Fix memory issues in BIO_*printf functions (CVE-2016-0799)
- Side channel attack on modular exponentiation (CVE-2016-0702)
- Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
- Bleichenbacher oracle in SSLv2 (CVE-2016-0704)