* bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
* Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes CVE-2017-13089
A stack-based buffer overflow when processing chunked, encoded HTTP
responses was found in wget. By tricking an unsuspecting user into
connecting to a malicious HTTP server, an attacker could exploit
this flaw to potentially execute arbitrary code.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Another clickable link for 'proxy.cgi', this time for 'Cache Manager Interface' - this one opens in a new window.
And: This time - hopefully - with correct '_blank'-attribute (deleted the backslashes) - based on current 'next'.
Plus: Deleted some "blind" tabs - found by chance.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Do not allow credentials being submitted in plaintext to Apache.
Instead, redirect the user with a 301 to the TLS version of IPFire's
web interface.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Voucher was used instead of coupon in English, and Coupon
was used instead of Gutschein in German.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
CVE-2017-13087, CVE-2017-13088
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
A vulnerability was found in how a number of implementations can be
triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by
replaying a specific frame that is used to manage the keys. Such
reinstallation of the encryption key can result in two different types
of vulnerabilities: disabling replay protection and significantly
reducing the security of encryption to the point of allowing frames to
be decrypted or some parts of the keys to be determined by an attacker
depending on which cipher is used.
This fixes: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079,
CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086,
CVE-2017-13087, CVE-2017-13088
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
