-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
The Libreswan Project has released libreswan-4.13 This is a security release that addresses one minor CVEs and a few bugfixes: * Security: Fixes http://libreswan.org/security/CVE-2024-2357 * BSD: fix esp=aes_gcm [Andrew] * x509: unpack IPv6 general names based on length [Andrew] * pluto: TFC padding was not set for AEAD algorithms [SaiKumarCholleti@github] The vulnerability disclosed in CVE-2024-2357 can only be triggered when using IKEv2 with PreSharedKey (authby=secret) when no matching secret has been loaded into pluto. For details and patches see: https://libreswan.org/security/CVE-2024-2357 You can download libreswan via https at: https://download.libreswan.org/libreswan-4.13.tar.gz https://download.libreswan.org/libreswan-4.13.tar.gz.asc The full changelog is available at: https://download.libreswan.org/CHANGES Please report bugs either via one of the mailinglists or at our bug tracker: https://lists.libreswan.org/ https://github.com/libreswan/libreswan/ Binary packages for RHEL/CentOS can be found at: https://download.libreswan.org/binaries/ Binary packages for Fedora and Debian should be available in their respective repositories a few days after this release. See also https://libreswan.org/ v4.13 (March 11, 2024) * Security: Fixes http://libreswan.org/security/CVE-2024-2357 * Linux: make libcap-ng failures non-fatal [Andrew] * BSD: fix esp=aes_gcm [Andrew] * NetBSD: fix compiler warning in lib/libswan/x509.c [Andrew] * x509: unpack IPv6 general names based on length [Andrew] * pluto: TFC padding was not set for AEAD algorithms [SaiKumarCholleti@github] -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmXvWjkTHHRlYW1AbGli cmVzd2FuLm9yZwAKCRCF/0tDsw/G+UaID/9rDK+K0v8UxCdMeAT8k9D8Eze8o9fZ +PFk9dNLIjy/jGVJmYkKt03oV3T95Hqs6NvseIqoiKxpou5QEbW94u37YQmT/+18 +8HlRrMH7dGz0T1U49PXgI5InYBUITCZ5dNxDLcbh0RsjBkpyRk8mkHUoro3Ucp3 /kXUEfr8HKULie4rprvey/5fcMgc3MQAOzAFg/thvHEhW6ebVEj3f8O6ndZYIYJS 6TYfbOzCo400770KQvhdytJYMlB8Z5+t8gTdw238QHTqium4HUC3gF/250AcLXTR zXww7NvHR6DMlcEUfDhHfBkL6ygFeleKXD/pFM4mM20WcvbubbMYlRLoVoeiIGE4 aRig06siNl7J4RvYEMUb52caWX/fg4dh/9t12VCEe/oh1kQ6UIkDsC6YgDri4TFo fnYQrAWcE/yy4b1juX+bd8kDaIvwVEhGuk2ePGBRYT3a2Wx03GzHJd+HLGanY8QI 12pKILar5Fpe+QZmDhHJUFUy5EgGJjioNdznESDtfU/f21qXcjUj7YBmGRaD+FjP 5gfEqdXKg0WsrcNkTXBZVgfybEuMFtsFJVZ/82UhWVYY0JwjdvMtuIsLSNOjgl92 ZEBTYVUYD1PSazsgxR/PFVWg1T4SrBL413cL5KIwKCNBJ4RFc4Gh/M9XFBjTQ/OV KzTbIDsCuHN73g== =OgHe -----END PGP SIGNATURE----- _______________________________________________ Swan-announce mailing list swan-annou...@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-announce _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev
