diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -1,3 +1,25 @@ +strongswan-5.1.3 +---------------- + +- Fixed an authentication bypass vulnerability triggered by rekeying an + unestablished IKEv2 SA while it gets actively initiated. This allowed an + attacker to trick a peer's IKE_SA state to established, without the need to + provide any valid authentication credentials. The vulnerability has been + registered as CVE-2014-2338. + +- The acert plugin evaluates X.509 Attribute Certificates. Group membership + information encoded as strings can be used to fulfill authorization checks + defined with the rightgroups option. Attribute Certificates can be loaded + locally or get exchanged in IKEv2 certificate payloads. + +- The pki command gained support to generate X.509 Attribute Certificates + using the --acert subcommand, while the --print command supports the ac type. + The openac utility has been removed in favor of the new pki functionality. + +- The libtls TLS 1.2 implementation as used by EAP-(T)TLS and other protocols + has been extended by AEAD mode support, currently limited to AES-GCM. + + strongswan-5.1.2 ---------------- |