diff options
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -1,3 +1,29 @@ +strongswan-4.2.14 +----------------- + +- The new server-side EAP RADIUS plugin (--enable-eap-radius) + relays EAP messages to and from a RADIUS server. Succesfully + tested with with a freeradius server using EAP-MD5 and EAP-SIM. + +- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by + Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting + all Openswan and strongSwan releases. A malicious (or expired ISAKMP) + R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the + pluto IKE daemon to crash and restart. No authentication or encryption + is required to trigger this bug. One spoofed UDP packet can cause the + pluto IKE daemon to restart and be unresponsive for a few seconds while + restarting. This DPD null state vulnerability has been officially + registered as CVE-2009-0790 and is fixed by this release. + +- ASN.1 to time_t conversion caused a time wrap-around for + dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms. + As a workaround such dates are set to the maximum representable + time, i.e. Jan 19 03:14:07 UTC 2038. + +- Distinguished Names containing wildcards (*) are not sent in the + IDr payload anymore. + + strongswan-4.2.13 ----------------- |