[Swan-announce] libreswan-4.12 released to address CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712

The Libreswan Team team at libreswan.org
Tue Aug 8 19:09:43 EEST 2023


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


The Libreswan Project has released libreswan-4.12

This is a security release that addresses three minor CVEs and a bugfix:

CVE-2023-38710: Invalid IKEv2 REKEY proposal causes restart
CVE-2023-38711: Invalid IKEv1 Quick Mode ID causes restart
CVE-2023-38712: Invalid IKEv1 repeat IKE SA delete causes crash and restart

All three CVEs require that the peer has fully authenticated before the
malicious malformed payload can be sent. Therefore, these CVEs mostly
affect remote access VPN services.

For details and patches see:

https://libreswan.org/security/CVE-2023-38710/
https://libreswan.org/security/CVE-2023-38711/
https://libreswan.org/security/CVE-2023-38712/

You can download libreswan via https at:

https://download.libreswan.org/libreswan-4.12.tar.gz
https://download.libreswan.org/libreswan-4.12.tar.gz.asc

The full changelog is available at: https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailing lists or at our bug
tracker:

https://lists.libreswan.org/
https://github.com/libreswan/libreswan/

Binary packages for RHEL/CentOS can be found at:
https://download.libreswan.org/binaries/

Binary packages for Fedora and Debian should be available in their
respective repositories a few days after this release.

See also https://libreswan.org/

4.12 (Aug 8, 2023)
* SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-38710
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38711
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38712
* pluto: Do not crash on ipcomp expiry msg

