发布于 2016-09-28 01:21:06 | 190 次阅读 | 评论: 0 | 来源: 网友投递
IPFire 2.19 Core 105 发布了。
该版本主要对 openssl和libgcrypt进了更新,具体如下:
OpenSSL Security Fixes
OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
SWEET32 Mitigation (CVE-2016-2183)
OOB write in MDC2_Update() (CVE-2016-6303)
Malformed SHA512 ticket DoS (CVE-2016-6302)
OOB write in BN_bn2dec() (CVE-2016-2182)
OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
Pointer arithmetic undefined behaviour (CVE-2016-2177)
Constant time flag not preserved in DSA signing (CVE-2016-2178)
DTLS buffered message DoS (CVE-2016-2179)
DTLS replay protection DoS (CVE-2016-2181)
Certificate message OOB reads (CVE-2016-6306)
IPFire is now shipping openssl in version 1.0.2i which patches all of the above security vulnerabilities.
libgcrypt Security Flaws
Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt’s random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions and is filed under CVE-2016-6316.
下载地址:
http://downloads.ipfire.org/release/ipfire-2.19-core105