diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2015-11-18 15:19:06 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2015-11-18 15:19:06 +0100 |
| commit | fb6324eb165d1577bc4541bc2fc6758c56da2a95 (patch) | |
| tree | afbc98168e056e7839ac0dc434db8f88ffb34833 /NEWS | |
| parent | ea6a577e967da0ee954b06b7bdc6796e97eb9b2b (diff) | |
| parent | 1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (diff) | |
| download | vyos-strongswan-fb6324eb165d1577bc4541bc2fc6758c56da2a95.tar.gz vyos-strongswan-fb6324eb165d1577bc4541bc2fc6758c56da2a95.zip | |
Merge tag 'upstream/5.3.4'
Upstream version 5.3.4
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -1,3 +1,17 @@ +strongswan-5.3.4 +---------------- + +- Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that + was caused by insufficient verification of the internal state when handling + MSCHAPv2 Success messages received by the client. + This vulnerability has been registered as CVE-2015-8023. + +- The sha3 plugin implements the SHA3 Keccak-F1600 hash algorithm family. + Within the strongSwan framework SHA3 is currently used for BLISS signatures + only because the OIDs for other signature algorithms haven't been defined + yet. Also the use of SHA3 for IKEv2 has not been standardized yet. + + strongswan-5.3.3 ---------------- @@ -37,7 +51,7 @@ strongswan-5.3.3 since 5.0.0) and packets that have the flag set incorrectly are again ignored. - Implemented a demo Hardcopy Device IMC/IMV pair based on the "Hardcopy - Device Health Assessment Trusted Network Connect Binding" (HCD-TNC) + Device Health Assessment Trusted Network Connect Binding" (HCD-TNC) document drafted by the IEEE Printer Working Group (PWG). - Fixed IF-M segmentation which failed in the presence of multiple small |