• Fixed kernel security issue CVE-2017-1000364.
  • Security fix for Secure Shadowing: do not accept weak SSL ciphers anymore. As the RC4 cipher is not accepted anymore, this change fixes Bar Mitzvah attacks (CVE-2015-2808).
  • Added possibility to configure minimal allowed SSH cipher security.
    • New registry keys:

      network.ssh_client.minimal_encryption_level

      128bit / 192bit / 256bit

      network.ssh_server.minimal_encryption_level

      128bit / 192bit / 256bit

      		 

  • Updated preinstalled CA certificate package to ubuntu artful version 20161130+nmu1. The list of newly supported and removed certificates can be found at online Release Notes (edocs.igel.com).
    • New certificates:

      Certificate

      expires

      file

      Certplus Root CA G1

      Jan 15 00:00:00 2038 GMT

      Certplus_Root_CA_G1.crt

      Certplus Root CA G2

      Jan 15 00:00:00 2038 GMT

      Certplus_Root_CA_G2.crt

      Certum Trusted Network CA 2

      Oct 6 08:39:56 2046 GMT

      Certum_Trusted_Network_CA_2.crt

      Hellenic Academic and Research Institutions ECC RootCA 2015

      Jun 30 10:37:12 2040 GMT

      Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt

      Hellenic Academic and Research Institutions RootCA 2015

      Jun 30 10:11:21 2040 GMT

      Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt

      ISRG Root X1

      Jun 4 11:04:38 2035 GMT

      ISRG_Root_X1.crt

      OpenTrust Root CA G1

      Jan 15 00:00:00 2038 GMT

      OpenTrust_Root_CA_G1.crt

      OpenTrust Root CA G2

      Jan 15 00:00:00 2038 GMT

      OpenTrust_Root_CA_G2.crt

      OpenTrust Root CA G3

      Jan 15 00:00:00 2038 GMT

      OpenTrust_Root_CA_G3.crt)

      SZAFIR ROOT CA2

      Oct 19 07:43:30 2035 GMT

      SZAFIR_ROOT_CA2.crt

    • Removed certificates:

      Certificate

      expires

      file

      CA Disig

      Mar 22 01:39:34 2016 GMT

      CA_Disig.crt

      CA WoSign ECC Root

      Nov 8 00:58:58 2044 GMT

      CA_WoSign_ECC_Root.crt

      Certification Authority of WoSign G2

      Nov 8 00:58:58 2044 GMT

      Certification_Authority_of_WoSign_G2.crt

      NetLock Uzleti (Class B) Tanusitvanykiado

      Feb 20 14:10:22 2019 GMT

      NetLock_Business_=Class_B=_Root.crt

      NetLock Expressz (Class C) Tanusitvanykiado

      Feb 20 14:08:11 2019 GMT

      NetLock_Express_=Class_C=_Root.crt

      NetLock Kozjegyzoi (Class A) Tanusitvanykiado

      Feb 19 23:14:47 2019 GMT

      NetLock_Notary_=Class_A=_Root.crt

      NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado

      Dec 15 01:47:11 2022 GMT

      NetLock_Qualified_=Class_QA=_Root.crt

      Sonera Class1 CA

      Apr 6 10:49:13 2021 GMT

      Sonera_Class_1_Root_CA.crt

      Staat der Nederlanden Root CA

      Dec 16 09:15:38 2015 GMT

      Staat_der_Nederlanden_Root_CA.crt

      StartCom Certification Authority

      Sep 17 19:46:36 2036 GMT

      StartCom_Certification_Authority.crt

      StartCom Certification Authority

      Sep 17 19:46:36 2036 GMT

      StartCom_Certification_Authority_2.crt

      StartCom Certification Authority G2

      Dec 31 23:59:01 2039 GMT

      StartCom_Certification_Authority_G2.crt

      Class 1 Public Primary Certification Authority - G2 (c) 1998 VeriSign, Inc. - For authorized use only VeriSign Trust * Network

      Aug 1 23:59:59 2028 GMT

      Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt

      Class 3 Public Primary Certification Authority - G2 (c) 1998 VeriSign, Inc. - For authorized use only VeriSign Trust * Network

      Aug 1 23:59:59 2028 GMT

      Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt

      Class 3 Public Primary Certification Authority

      Aug 2 23:59:59 2028 GMT

      Verisign_Class_3_Public_Primary_Certification_Authority_2.crt)

      Certification Authority of WoSign

      Aug 8 01:00:01 2039 GMT

      WoSign.crt

      CA 沃通根证书

      Aug 8 01:00:01 2039 GMT

      WoSign_China.crt