The Libreswan Project has released libreswan-4.12

This is a security release that addresses three minor CVEs and a bugfix:

CVE-2023-38710: Invalid IKEv2 REKEY proposal causes restart
CVE-2023-38711: Invalid IKEv1 Quick Mode ID causes restart
CVE-2023-38712: Invalid IKEv1 repeat IKE SA delete causes crash and restart

All three CVEs require that the peer has fully authenticated before the
malicious malformed payload can be sent. Therefore, these CVEs mostly affect
remote access VPN services.

For details and patches see:

https://libreswan.org/security/CVE-2023-38710/
https://libreswan.org/security/CVE-2023-38711/
https://libreswan.org/security/CVE-2023-38712/

You can download libreswan via https at:

https://download.libreswan.org/libreswan-4.12.tar.gz
https://download.libreswan.org/libreswan-4.12.tar.gz.asc

The full changelog is available at:
https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailing lists or at our bug tracker:

https://lists.libreswan.org/
https://github.com/libreswan/libreswan/

Binary packages for RHEL/CentOS can be found at:
https://download.libreswan.org/binaries/

Binary packages for Fedora and Debian should be available in their
respective repositories a few days after this release.

See also https://libreswan.org/

4.12 (Aug 8, 2023)
* SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-38710
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38711
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38712
* pluto: Do not crash on ipcomp expiry msg

_______________________________________________
Swan-announce mailing list
swan-annou...@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-announce
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev