The Libreswan Project has released libreswan-3.32

This is a security release that addresses CVE-2020-1763. This
vulnerability can cause libreswan to restart after receiving an
unauthenticated bogus IKEv1 Informational Exchange packet. For details
and patches see:

https://libreswan.org/security/CVE-2020-1763/

You can download libreswan via https at:

https://download.libreswan.org/libreswan-3.32.tar.gz
https://download.libreswan.org/libreswan-3.32.tar.gz.asc

The full changelog is available at:

https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailing lists or at our bug tracker:

https://lists.libreswan.org/
https://bugs.libreswan.org/

Binary packages for RHEL/CentOS can be found at:

https://download.libreswan.org/binaries/

Binary packages for Fedora and Debian should be available in their
respective repositories a few days after this release.

See also https://libreswan.org/

v3.32 (May 11, 2020)
* SECURITY: Fixes CVE-2020-1763 https://libreswan.org/security/CVE-2020-1763
* IKEv2: Support non-narrowed child rekey for narrowing (regression in 3.31)
* FIPS: ECDSA keys were mistakenly rejected as "too weak" [Paul]
* FIPS: Minimum RSA key size is 2048, not 3072 [Paul]
* FIPS: Use NSS to check FIPS mode instead of manually checking fips=1 [Paul]
* IKEv2: Do not use fragments if not appropriate (regression from v3.30) [Paul]
* IKEv1: Add NSS KDF support for the Quick Mode KDF [Andrew/Paul]
* libipsecconf: support old-style ",," to mean "\," in specifying id [Paul]
* libipsecconf: left/rightinterface-ip= are not kt_obsolete [Paul]
* whack: Add missing ecdsa/sha2 and compat rsa policy options to whack [Paul]
* Fix left=%iface syntax due to string length miscalculation [Antony]
* X509: don't try to match up ID on SAN when ID type is ID_DER_ASN1_DN [Paul]
* packaging: debian fixes [Antony]
* building: USE_NSS_KDF=true now uses NSS for all KDF functions
  Using this option, libreswan no longer needs FIPS certification
