IPFire 2.19 Core 105 发布了。
IPFire 是建立在 Linux 源码上的防火墙发行版,并且还带有大量的附加功能。它易于设置和管理。它采用的状态检测防火墙,内容过滤引擎,交通控制质量( QoS ) , VPN技术,和大量的记录。
该版本主要对 openssl和libgcrypt进了更新,具体如下:
OpenSSL Security Fixes
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
SWEET32 Mitigation (CVE-2016-2183)
OOB write in MDC2_Update() (CVE-2016-6303)
Malformed SHA512 ticket DoS (CVE-2016-6302)
OOB write in BN_bn2dec() (CVE-2016-2182)
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Constant time flag not preserved in DSA signing (CVE-2016-2178)
DTLS buffered message DoS (CVE-2016-2179)
DTLS replay protection DoS (CVE-2016-2181)
Certificate message OOB reads (CVE-2016-6306)
IPFire is now shipping openssl in version 1.0.2i which patches all of the above security vulnerabilities.
libgcrypt Security Flaws
Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt’s random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions and is filed under CVE-2016-6316.
下载地址: