summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS26
1 files changed, 26 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 4709b07df..83308c772 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,29 @@
+strongswan-4.2.14
+-----------------
+
+- The new server-side EAP RADIUS plugin (--enable-eap-radius)
+ relays EAP messages to and from a RADIUS server. Succesfully
+ tested with with a freeradius server using EAP-MD5 and EAP-SIM.
+
+- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
+ Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
+ all Openswan and strongSwan releases. A malicious (or expired ISAKMP)
+ R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the
+ pluto IKE daemon to crash and restart. No authentication or encryption
+ is required to trigger this bug. One spoofed UDP packet can cause the
+ pluto IKE daemon to restart and be unresponsive for a few seconds while
+ restarting. This DPD null state vulnerability has been officially
+ registered as CVE-2009-0790 and is fixed by this release.
+
+- ASN.1 to time_t conversion caused a time wrap-around for
+ dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
+ As a workaround such dates are set to the maximum representable
+ time, i.e. Jan 19 03:14:07 UTC 2038.
+
+- Distinguished Names containing wildcards (*) are not sent in the
+ IDr payload anymore.
+
+
strongswan-4.2.13
-----------------