webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
22,497 Commits 2 Branches 1 Tag
4ac5f13f1e5358ceddc83343c52738ea73c40f9a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael Tremer 4ac5f13f1e openssl: Update to 3.3.2 
Possible denial of service in X.509 name checks (CVE-2024-6119)
===============================================================

Severity: Moderate

Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server certificates) may attempt to read an invalid memory
address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can a cause a denial of
service.

Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an `otherName` subject alternative name of an
X.509 certificate. This may result in an exception that terminates the
application program.

Note that basic certificate chain validation (signatures, dates, ...) is not
affected, the denial of service can occur only when the application also
specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they
generally don't perform a name check against a "reference identifier" (expected
identity), but rather extract the presented identity after checking the
certificate chain.  So TLS servers are generally not affected and the severity
of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
OpenSSL 1.1.1 and 1.0.2 are also not affected by this issue.

OpenSSL 3.3, 3.2, 3.1 and 3.0 are vulnerable to this issue.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2024-09-03 18:00:17 +00:00
config
taglib: Update to version 2.0.2
2024-09-03 12:53:41 +00:00
doc
Run "./make.sh lang"
2024-08-23 09:22:17 +00:00
html
guardian.cgi: Use the new service widget
2024-08-21 16:14:40 +02:00
langs
index.cgi: Improve the warning box
2024-08-21 15:47:08 +02:00
lfs
openssl: Update to 3.3.2
2024-09-03 18:00:17 +00:00
src
coreutils: Drop the i18n patch
2024-08-29 07:36:27 +00:00
tests
initscripts fkt: Check that readhash returns 1 on a missing file
2024-08-24 12:19:56 +00:00
tools
find-missing-libs.sh: Make file executable as rest in tools directory
2024-08-30 15:43:52 +00:00
.gitignore
.gitignore: Ignore images_* directories
2024-07-22 15:21:20 +00:00
.mailmap
.mailmap: Add Adolf Belka
2021-03-10 14:42:37 +00:00
make.sh
libxxhash: New install, required by borgbackup version 1.4.0
2024-08-30 15:44:23 +00:00
README.md
README.md: fix minor typo
2024-03-30 12:12:42 +00:00

README.md

IPFire 2.x - The Open Source Firewall

What is IPFire?

IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone. For a full list of features have a look here.

This repository contains the source code of IPFire 2.x which is used to build the whole distribution from scratch, since IPFire is not based on any other distribution.

Where can I get IPFire?

Just head over to https://www.ipfire.org/download

How do I use this software?

We have a long and detailed documentation located here which should answer most of your questions.

But I have some questions left. Where can I get support?

You can ask your question at our community located here. A complete list of our support channels can be found here.

How can I contribute?

We have another document for this. Please look here.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 101 MiB
Languages
Perl 70.4%
Shell 23%
C 4%
Python 0.6%
Makefile 0.5%
Other 1.4%