[Swan-announce] Libreswan 3.3 released - SECURITY release

The Libreswan Project team at libreswan.org
Tue May 14 01:16:26 EEST 2013

The Libreswan Project has released libreswan-3.3. This is an important
security release and we encourage everyone to upgrade immediately.

We wish to thank Florian Weimer of Red Hat Product Security Team for
performing a full audit of the libreswan code.

Amongst the security hardening is a fix for CVE-2013-2052, which affects
libreswan 3.0 and 3.1 if configured with the option "oe=yes" (default is
"no"). While libreswan 3.2 was not vulnerable, the 3.3 release introduced
additional security hardening around the affected code.

Note that the CVE-2013-2052 issue for libreswan is also present in all
openswan releases up to version 2.6.38 (see CVE-2013-2053) and some of
the older strongswan 4.x releases (see CVE-2013-2054).

This release further removes the compile-time option (default disabled)
for the weak 1DES cipher and the weak modp768 Diffie-Hellman group. It
also fixes bugs in the CRL code that would cause delayed CRL verification
on startup and would reject valid CRL signatures if the first byte of the
signature happened to be 0x00.

You can download libreswan via https at:


or via ftp at:


The full changelog is available at:

Please report bugs either via one of the mailing lists or at our bug


Binary packages for Fedora, RHEL and Ubuntu can be found at

See also https://libreswan.org/

v3.3 (May 13, 2013)
* SECURITY: atodn() buffer overflow with oe=yes [Florian/Hugh/Paul]
             affected: libreswan 3.0 and 3.1 (CVE-2013-2053)
             see also: openswan up to 2.6.38 (CVE-2013-2052)
             see also: strongswan up to 4.3.4 (CVE-2013-2054)
* security: dn_parse(), hex_str() write beyond end of the buffer [Florian]
* security: get_rnd_bytes: Abort on random number generator failure [Florian]
* security: Integer overflow if the leak detective enabled [Florian]
* security: Check that origin of netlink message is the kernel [Florian]
* security: Abort on crypto failure for 3des/aes to prevent leaks [Florian]
* security: Check PK11_CreateContextBySymKey() for NULL and SECFailure [Paul]
* security: RSA: Check modulus length against key overall length [Florian]
* security: fetch_curl: Set timeout for the entire request [Florian]
* security: Multiple hardening fixes from security audit [Florian Weimer]
* security: Cleanup buffer usage for traffic logging with XAUTH [Hugh]
* security: Cleanup ASN1_BUF_LEN use and remove unused load_host_cert() [Paul]
* security: cleanup CFLAGS handling [Paul]
* security: IKEv2 crashed when using nhelpers=0 [Paul]
* security: Remove stale non-NSS ASN1 handling and pem decryption code [Paul]
* security: Initial loading of file CRL fails for NSS CAs  [Matt Rogers]
* security: Removal of USE_WEAKSTUFF and USE_NOCRYPTO (1DES, modp768) [Paul]
* security: Removal of 1DES for KLIPS using CryptoAPI [Paul]
* security: Cleanup of ASN1_BUF_LEN/BUF_LEN/PATH_MAX defines [Paul]
* pluto: Add support for OID_SHA224_WITH_RSA signatures [Paul]
* pluto: Always list section headers --list* calls, even when empty [Paul]
* X509: Fix for CRL sig failure if first byte is zero [Dhr/Matt/Paul]
* _stackmanager: fix loading of aes-x86_64 module [Tuomo]
* Bugtracker bugs fixed:
    #64: removal of /dev/*random everywhere but feeding nss pools [Paul]
    #90: NETKEY: Transport mode inbound eroute was from client [Kim/Tuomo]
    #91: SAREF: Patches updated for 3.4.x (tested on 3.4.42) [Andreas Herz]
