[Swan-announce] Libreswan 3.7 released

The Libreswan Project team at libreswan.org
Wed Dec 11 01:34:59 EET 2013

The Libreswan Project has released libreswan-3.7. This is a security

This releases addresses an IKE vulnerability introduced in libreswan
3.6. It has been submitted as CVE-2013-4564. A malicious IKE packet
could cause libreswan to restart. It also fixes a tmp file race condition in
the spec file for RHEL/Fedora packages which was also introduced in
libreswan 3.6. A third security issue that could cause libreswan to
restart when a KE payload was expected but not present was addressed.

Features include better ESP algorithm support for IKEv2, including
AES GCM, AES CCM, Twofish and Serpent. Blowfish is no longer supported
for IKE or ESP (use twofish insead). Note that for IKEv1, the aes_gcm
and aes_ccm keysizes required adding the salt bytes. This is no longer
needed, so for both IKEv1 and IKEv2, GCM and CCM are specified as one
would expect, for example: esp=aes_gcm_c-128-null. Note that future
versions will remove the GCM/CCM ICV varients.

KLIPS was fixed to no longer crash in ipsec_xmit_ipip() on certain
recent Linux kernels and now supports kernels up to 3.11. It can be
used on kernels with support for namespaces.

Both IKEv2 and IKEv1 saw various improvements and improved logging.

You can download libreswan via https at:


or via ftp at:


The full changelog is available at:

Please report bugs either via one of the mailinglists or at our bug


Binary packages for Fedora, RHEL and Ubuntu can be found at

See also https://libreswan.org/

v3.7 (December 10, 2013)
* SECURITY: CVE-2013-4564 Denial of service via unauth packet [Paul/Hugh]
* SECURITY: fix insecure tmp file in rpm %post - introduced in 3.6 [Tuomo]
* SECURITY: Properly handle IKEv2 I1 notification without KE payload [Paul]
* IKE: aes_gcm and aes_ccm now specify key size without salt [Paul/Hugh]
* NETKEY: Added twofish and serpent as valid ESP algorithms [Paul]
* KLIPS: Fix for crashes in ipsec_xmit_ipip() [Thomas/Roel/David]
* KLIPS: Fix NAT-T (NEED_UDP_ENCAP_ENABLE) for 3.4 kernel [Roel]
* KLIPS: Fix compiling for 3.9 kernels (PDE_DATA fix) [Paul]
* KLIPS: Claim we do namespaces - makes it work on simple host case [Paul]
* IKEv2: Add support for AES-GCM, AES-CCM [Paul/Hugh]
* IKEv2: Check for inbound traffic before sending liveness exchange [Matt]
* IKEv2: Fix some error codes that mistakenly used IKEv1 versions [Paul]
* IKEv2: in R1 don't copy their IKEv2 minor for our reply packet [Paul]
* IKEv2: Don't kill unrelated states on same hash chain in IKE DEL [Hugh]
* pluto: change ipsec_notification_names to ikev[12]_notify_names [Paul]
* pluto: Various cleanup and reducing scope of variables [Hugh]
* building: support for slackware version/init system detection [Roel]
* rsasigkey: Remove spurious debug line confusing ipsec showhostkey [Paul]
* initsystems: fix typo in openrc script [Natanael Copa]
* testing: KVM test system updates [Paul]
* secrets: Log glob failing for secrets parser as warning, not error [Paul]
* setup: fix systemd init detection [Tuomo]
* labeled ipsec: Set default value of secctx_attr_value to 32001 [Paul]
* barf: don't load l2tp kernel modules and use new syntax (rhbz#1033191) [Paul]
* Bugtracker bugs fixed:
   #116: Don't load connections when leftcert= cert not found in NSS DB [Matt]

More information about the Swan-announce mailing list