[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfire-announce
Subject: IPFire 2.13 Core Update 76 released
From: The IPFire Project <ipfire-announce () lists ! ipfire ! org>
Date: 2014-04-16 10:08:56
Message-ID: mailman.107.1397642984.725.ipfire-announce () lists ! ipfire ! org
[Download RAW message or body]
http://www.ipfire.org/news/ipfire-2-13-core-update-76-released
Hello community,
this is the official release announcement for *IPFire 2.13 - Core Update
76*. It comes with a security fix for the strongswan package which is
responsible for IPsec VPN connections. The vulnerability has got the
number CVE-2014-2338 [1]. It was possible to bypass the authentication
and therefore to overtake a VPN connection whilst the original peers are
rekeying. IKEv1 connections are not vulnerable, but IKEv2. Check out the
blog post by the strongswan team [2].
Please update as soon as possible.
I would also like to draw your attention towards the upcoming release of
IPFire 2.15. The first release candidate has been released a couple of
weeks ago and we are searching for testers [3] to find any last-minute
bugs. We are also already thinking about the releases past that and
raising funds to implement Single Sign-On Authentication for the Web
proxy against Windows Active Directory [4] So please check this out,
too. Your support is very much appreciated!
[1] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2338
[2] http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html
[3] http://planet.ipfire.org/post/ipfire-2-15-rc1-firewall-test-day-release-schedule
[4] http://wishlist.ipfire.org/wish/windows-active-directory-single-sign-on-for-web-proxy
_______________________________________________
IPFire-Announce mailing list
IPFire-Announce@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/ipfire-announce
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic