IPFire 2.17 - Core Update 99 Released

The IPFire team announced release of IPFire 2.17 - Core Update 99, latest update of open source, modular, customizable firewall distribution.

This release of IPFire includes an OpenSSL fix, and also several other vulnerability fixes. Though IPFire is not vulnerable by most of the common attacks, the team recommends to stay updated with latest release packages.

According to official release announcement, following are some vulnerabilities fixed in this release.
  • Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)
  • Double-free in DSA code (CVE-2016-0705)
  • Memory leak in SRP database lookups (CVE-2016-0798)
  • BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption (CVE-2016-0797)
  • Fix memory issues in BIO_*printf functions (CVE-2016-0799)
  • Side channel attack on modular exponentiation (CVE-2016-0702)
  • Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)
  • Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
Read complete release announcement in IPFire blog.

Download IPFire 2.17 - Core Update 99
ISO - i586 - 159 MB

Share this