14 DAY TRIAL // Only three days after announcing the release of IPFire 2.19 Core Update 104, Michael Tremer informs the community about the availability of a new update, Core Update 105, which brings important OpenSSL patches.
Therefore, IPFire 2.19 Core Update 105 is now the latest version, which is a recommended update for anyone running IPFire 2.19 Core Update 104 or a previous maintenance release, and it includes OpenSSL 1.0.2i, an important security patch that addresses a total of eleven vulnerabilities discovered by various developers upstream. Additionally, it also fixes a recent security flaw in the libgcrypt library.
"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt’s random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions and is filed under CVE-2016-6316," says Michael Tremer in the release announcement.
Again, if you are using IPFire 2.19 Core Update 104 or any of the previous builds, you need to update to IPFire 2.19 Core Update 105 as soon as possible to patch these nasty OpenSSL and Libgcrypt security vulnerabilities. Newcomers can download the installation mediums of IPFire 2.19 Core Update 105 right now via our website if they want to deploy the Linux-based firewall on new machines.