From 7793611ee71b576dd9c66dee327349fa64e38740 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Mon, 19 Feb 2018 18:17:21 +0100 Subject: New upstream version 5.6.2 --- NEWS | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 56 insertions(+), 5 deletions(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index fe0d6f9c2..6a0ae7c4a 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,54 @@ +strongswan-5.6.2 +---------------- + +- Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that + was caused by insufficient input validation. One of the configurable + parameters in algorithm identifier structures for RSASSA-PSS signatures is the + mask generation function (MGF). Only MGF1 is currently specified for this + purpose. However, this in turn takes itself a parameter that specifies the + underlying hash function. strongSwan's parser did not correctly handle the + case of this parameter being absent, causing an undefined data read. + This vulnerability has been registered as CVE-2018-6459. + +- The previously negotiated DH group is reused when rekeying an SA, instead of + using the first group in the configured proposals, which avoids an additional + exchange if the peer selected a different group via INVALID_KE_PAYLOAD when + the SA was created initially. + The selected DH group is also moved to the front of all sent proposals that + contain it and all proposals that don't are moved to the back in order to + convey the preference for this group to the peer. + +- Handling of MOBIKE task queuing has been improved. In particular, the response + to an address update is not ignored anymore if only an address list update or + DPD is queued. + +- The fallback drop policies installed to avoid traffic leaks when replacing + addresses in installed policies are now replaced by temporary drop policies, + which also prevent acquires because we currently delete and reinstall IPsec + SAs to update their addresses. + +- Access X.509 certificates held in non-volatile storage of a TPM 2.0 + referenced via the NV index. + +- Adding the --keyid parameter to pki --print allows to print private keys + or certificates stored in a smartcard or a TPM 2.0. 
+ +- Fixed proposal selection if a peer incorrectly sends DH groups in the ESP + proposals during IKE_AUTH and also if a DH group is configured in the local + ESP proposal and charon.prefer_configured_proposals is disabled. + +- MSKs received via RADIUS are now padded to 64 bytes to avoid compatibility + issues with EAP-MSCHAPv2 and PRFs that have a block size < 64 bytes (e.g. + AES-XCBC-PRF-128). + +- The tpm_extendpcr command line tool extends a digest into a TPM PCR. + +- Ported the NetworkManager backend from the deprecated libnm-glib to libnm. + +- The save-keys debugging/development plugin saves IKE and/or ESP keys to files + compatible with Wireshark. + + strongswan-5.6.1 ---------------- @@ -1370,7 +1421,7 @@ strongswan-4.4.1 - The openssl plugin now supports X.509 certificate and CRL functions. - OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled - by default. Plase update manual load directives in strongswan.conf. + by default. Please update manual load directives in strongswan.conf. - RFC3779 ipAddrBlock constraint checking has been moved to the addrblock plugin, disabled by default. Enable it and update manual load directives @@ -1832,7 +1883,7 @@ strongswan-4.2.8 - Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges, handle events if kernel detects NAT mapping changes in UDP-encapsulated - ESP packets (requires kernel patch), reuse old addesses in MOBIKE updates as + ESP packets (requires kernel patch), reuse old addresses in MOBIKE updates as long as possible and other fixes. - Fixed a bug in addr_in_subnet() which caused insertion of wrong source 
@@ -2111,7 +2162,7 @@ strongswan-4.1.7 - In NAT traversal situations and multiple queued Quick Modes, those pending connections inserted by auto=start after the - port floating from 500 to 4500 were erronously deleted. + port floating from 500 to 4500 were erroneously deleted. - Added a "forceencaps" connection parameter to enforce UDP encapsulation to surmount restrictive firewalls. NAT detection payloads are faked to @@ -2705,7 +2756,7 @@ strongswan-2.6.0 strongswan-2.5.7 ---------------- -- CA certicates are now automatically loaded from a smartcard +- CA certificates are now automatically loaded from a smartcard or USB crypto token and appear in the ipsec auto --listcacerts listing. @@ -2818,7 +2869,7 @@ strongswan-2.5.1 - Under the native IPsec of the Linux 2.6 kernel, a %trap eroute installed either by setting auto=route in ipsec.conf or by a connection put into hold, generates an XFRM_AQUIRE event - for each packet that wants to use the not-yet exisiting + for each packet that wants to use the not-yet existing tunnel. Up to now each XFRM_AQUIRE event led to an entry in the Quick Mode queue, causing multiple IPsec SA to be established in rapid succession. Starting with strongswan-2.5.1
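Review bot: the CVE-2018-6459 entry in the first hunk (@@ -1,3 +1,54 @@, the new strongswan-5.6.2 section) states the cause (the MGF1 hash-function parameter missing from the RSASSA-PSS algorithm identifier) but gives neither the affected release range nor the concrete effect beyond "an undefined data read"; since this NEWS entry is what packagers and users grep for when triaging, add a line such as "Affected versions: <range>" and say whether the fix simply rejects such malformed algorithm identifiers. Two wording points in the same hunk: "Access X.509 certificates held in non-volatile storage of a TPM 2.0 referenced via the NV index." has no subject and reads as an imperative next to the other entries, so "Added support for accessing X.509 certificates ..." would be consistent; and "allows to print private keys" should read "allows printing private keys".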
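Review bot: the last hunk (@@ -2818,7 +2869,7 @@) corrects "exisiting" but leaves "XFRM_AQUIRE" unchanged in the context lines on both sides of it; since this NEWS update already fixes spelling elsewhere in the file, the event name should presumably be "XFRM_ACQUIRE" in both places, unless the entry deliberately quotes a historical identifier, which should be confirmed before changing it.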