IPFire 2.19 Core 105 发布了。
IPFire是一份Linux发行,它注重轻松的装备、方便的操作和高级别的安全。它通过一份直观的基于网页的界面来进行操作管理,该界面为新手级及老练 的系统管理员提供很多直观的配置选项。IPFire由一群关注安全及经常更新该产品以保持其安全的开发者来维护。IPFire带有一份定制的叫做 Pakfire的包管理器,系统也可以通过各种附件来进行扩展。
该版本主要对 openssl和libgcrypt进了更新,具体如下:
OpenSSL Security Fixes
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
SWEET32 Mitigation (CVE-2016-2183)
OOB write in MDC2_Update() (CVE-2016-6303)
Malformed SHA512 ticket DoS (CVE-2016-6302)
OOB write in BN_bn2dec() (CVE-2016-2182)
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Constant time flag not preserved in DSA signing (CVE-2016-2178)
DTLS buffered message DoS (CVE-2016-2179)
DTLS replay protection DoS (CVE-2016-2181)
Certificate message OOB reads (CVE-2016-6306)
IPFire is now shipping openssl in version 1.0.2i which patches all of the above security vulnerabilities.
libgcrypt Security Flaws
Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt’s random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions and is filed under CVE-2016-6316.
下载地址: