Imported Upstream version 5.3.1

author: Yves-Alexis Perez <corsac@debian.org> 2015-06-01 14:46:30 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2015-06-01 14:46:30 +0200
commit: fc556ec2bc92a9d476c11406fad2c33db8bf7cb0 (patch)
tree: 7360889e50de867d72741213d534a756c73902c8 /NEWS
parent: 83b8aebb19fe6e49e13a05d4e8f5ab9a06177642 (diff)
download: vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.tar.gz
vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 81a7fc5fc..b2e8cb2e6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,19 @@
+strongswan-5.3.1
+----------------
+
+- Fixed a denial-of-service and potential remote code execution vulnerability
+  triggered by IKEv1/IKEv2 messages that contain payloads for the respective
+  other IKE version. Such payload are treated specially since 5.2.2 but because
+  they were still identified by their original payload type they were used as
+  such in some places causing invalid function pointer dereferences.
+  The vulnerability has been registered as CVE-2015-3991.
+
+- The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
+  primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
+  instructions and works on both x86 and x64 architectures. It provides
+  superior crypto performance in userland without any external libraries.
+
+
 strongswan-5.3.0
 ----------------
author	Yves-Alexis Perez <corsac@debian.org>	2015-06-01 14:46:30 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2015-06-01 14:46:30 +0200
commit	fc556ec2bc92a9d476c11406fad2c33db8bf7cb0 (patch)
tree	7360889e50de867d72741213d534a756c73902c8 /NEWS
parent	83b8aebb19fe6e49e13a05d4e8f5ab9a06177642 (diff)
download	vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.tar.gz vyos-strongswan-fc556ec2bc92a9d476c11406fad2c33db8bf7cb0.zip