From team at libreswan.org Wed Mar 1 16:19:07 2023
From: team at libreswan.org (The Libreswan Team)
Date: Wed, 1 Mar 2023 09:19:07 -0500 (EST)
Subject: [Swan-announce] libreswan-4.10 released to address CVE-2023-23009
Message-ID: <437f5af9-1a53-5d96-f950-90c749654b39@libreswan.org>

The Libreswan Project has released libreswan-4.10

This is a security release that addresses CVE-2023-23009 as well as a
potential crasher in IKEv1 when using multiple subnets.

CVE-2023-23009 can cause libreswan to restart after receiving a bogus
IKEv2 Traffic Selector payload from an authenticated peer. For details
and patches see:

https://libreswan.org/security/CVE-2023-23009

You can download libreswan via https at:

https://download.libreswan.org/libreswan-4.10.tar.gz
https://download.libreswan.org/libreswan-4.10.tar.gz.asc

The full changelog is available at:

https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailing lists or at our bug
tracker:

https://lists.libreswan.org/
https://github.com/libreswan/libreswan/

Binary packages for RHEL/CentOS can be found at:

https://download.libreswan.org/binaries/

Binary packages for Fedora and Debian should be available in their
respective repositories a few days after this release.

See also https://libreswan.org/

v4.10 (February 28, 2023)
* SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-23009
* IKEv1: only clean up a connection when it isn't deleted [Andrew]