-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.26
This is a feature release with some minor bugfixes
New Features:
* Support for RSA-PSS (RFC 7427) via authby=rsa-sha2
* Support for ECDSA (RFC 7427) via authby=ecdsa-sha2
* Support
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.26
This is a feature release with some minor bugfixes
New Features:
* Support for RSA-PSS (RFC 7427) via authby=rsa-sha2
* Support for ECDSA (RFC 7427) via authby=ecdsa-sha2
* Support
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.25
This is a major bugfix release with some additional features
New Features:
Various Opportunistic IPsec related features
Harden IP triggered OE with new dns-match-id=yes|no
Important bugfixes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.25
This is a major bugfix release with some additional features
New Features:
Various Opportunistic IPsec related features
Harden IP triggered OE with new dns-match-id=yes|no
Important bugfixes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.25
This is a major bugfix release with some additional features
New Features:
Various Opportunistic IPsec related features
Harden IP triggered OE with new dns-match-id=yes|no
Important bugfixes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.23
This is a feature and maintenance release.
New Features:
MOBIKE support (RFC 4555) via mobike=yes|no using XFRM_MIGRATE
IKEv2 split DNS support (draft-ietf-split-dns) via modecfg* options
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.23
This is a feature and maintenance release.
New Features:
MOBIKE support (RFC 4555) via mobike=yes|no using XFRM_MIGRATE
IKEv2 split DNS support (draft-ietf-split-dns) via modecfg* options
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.22
This is a performance enhancement and feature release.
Performance improvements:
After investigating performance under high load, we found a number of
issues that slowed down performance
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.21
This is a bugfix and feature release.
New Features:
This release features Opportunistic IPsec using DNSSEC lookups of
IPSECKEY records. It also adds support for the DNSSEC root key rollover
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.21
This is a bugfix and feature release.
New Features:
This release features Opportunistic IPsec using DNSSEC lookups of
IPSECKEY records. It also adds support for the DNSSEC root key rollover
Please upgrade nss to one of the recommend versions:
https://rhn.redhat.com/errata/RHSA-2017-1100.html
An out-of-bounds write flaw was found in the way NSS performed certain
Base64-decoding operations. An attacker could use this flaw to create a
specially crafted certificate which, when parsed
Please upgrade nss to one of the recommend versions:
https://rhn.redhat.com/errata/RHSA-2017-1100.html
An out-of-bounds write flaw was found in the way NSS performed certain
Base64-decoding operations. An attacker could use this flaw to create a
specially crafted certificate which, when parsed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.20
This is a bugfix and feature release.
New Features:
This releases completes support for the CREATE_CHILD_SA Exchange,
support for the ECP DiffieHellman Groups (19-21), statistics support
via
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.19
This is a major bugfix and feature release.
Important bugfixes:
This version fixes a crasher and/or lockup in the bare shunt handling.
It also includes various memory leak fixes related
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.19
This is a major bugfix and feature release.
Important bugfixes:
This version fixes a crasher and/or lockup in the bare shunt handling.
It also includes various memory leak fixes related
:
https: //libreswan.org/security/CVE-2016-5391/
The Libreswan Project has found a vulnerability in processing IKEv2
proposals that miss a Diffie-Hellman transform for the IKE SA. A NULL
pointer dererefence causes the pluto IKE daemon to crash and restart.
No remote code execution is possible
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.17
This is a security release. It fixes CVE-2016-3071 which can cause the
pluto IKE daemon to restart when receiving an IKE transform containg
AES_XCBC.
New features are ESN support (esn=yes
at the following URLs:
https: //libreswan.org/security/CVE-2016-3071/
The Libreswan Project found a bug in the default proposal set for IKEv2.
This code, introduced in version 3.16, includes the AES_XCBC integrity
algorithm. It wrongly assumes that the NSS cryptographic library supports
this algorithm
at the following URLs:
https: //libreswan.org/security/CVE-2016-3071/
The Libreswan Project found a bug in the default proposal set for IKEv2.
This code, introduced in version 3.16, includes the AES_XCBC integrity
algorithm. It wrongly assumes that the NSS cryptographic library supports
this algorithm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.16
This is a maintanance release that also includes experimental support
for Opportunistic Encryption using AUTH-NULL
A bug was fixed that caused keyingtries=0 to be misinterpreted, which
could
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.15
This is a security release to address CVE-2015-3240
(note this CVE number looks very similar to our previous one, CVE-2015-3204)
The Libreswan Team discovered a bug in the DH handling
The Libreswan Project has released libreswan-3.14
This is a major feature and bugfix release. Upgrade with caution.
Support for two new RFC's was added, RFC 7383 IKEv2 Fragmentation
(fragmentation=|yes|no|force) and RFC 7619 IKEv2 Auth Null (authby=null,
leftid=%null). Support was added
/
The Libreswan Project was notified by Javantea jv...@altsci.com of two
vulnerabilities found by fuzzing IKEv1 payloads. The malicious IKE packet
causes an unexpected state in the IKE daemon resulting in passert() calls
terminating and restarting the IKE daemon. No remote code execution is
possible
The Libreswan Project has released libreswan-3.12
This is a bugfix release, with mostly IKEv2 bugfixes, along with an
X509 chaining certificate bugfix.
You can download libreswan via https at:
https://download.libreswan.org/libreswan-3.12.tar.gz
https://download.libreswan.org/libreswan-3.12
The Libreswan Project has released libreswan-3.11
This is a major bugfix release.
Not all startup timing issues were resolved in 3.10, and this release
fixes the remaining ones with systemd and and auto=route|start
connections. IKEv2 did not ignore certain reserved fields of the IKE
header
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The Libreswan Project has released libreswan-3.9.
This is a feature and major bugfix release. It contains more than the
usual amount of changes. Users of IKEv2 are encouraged to upgrade as this
release contains many IKEv2 enhancements
26 matches
Mail list logo