IPFire is a hardened Linux appliance distribution designed for use as a firewall. It offers corporate-level network protection for anyone who needs it, from home users all the way up to large corporations, school networks and authorities. IPFire focusses on security, stability and ease of use. A variety of add-ons can be installed with a single click, to add more features to the base system.
This latest release IPFire 2.15 Core Update 86 brings various security fixes across several packages, hence its recommended that you install this update as soon as possible and to execute a reboot afterwards.
IPFire 2.15 Core Update 86 Security vulnerabilities
- The openssl library which implements the TLS/SSL protocol and is used by various other packages in the system has been updated to version 1.0.1k. This release fixes eight security issues that have all been classified with “moderate” or less severity
- openvpn has been updated to version 2.3.6 which also fixes a security vulnerability (CVE-2014-8104) which allowed remote authenticated users to cause a denial of service.
- strongswan has been updated to version 5.2.1 and we added a patch that fixes CVE-2014-9221. Before that it was possible to crash the service remotely with a custom DH key size.