[Swan-dev] [Swan-announce] libreswan 3.17 released - security release for CVE-2016-3071

The Libreswan Project team at libreswan.org
Mon Apr 4 16:23:26 UTC 2016


The Libreswan Project has released libreswan-3.17

This is a security release. It fixes CVE-2016-3071, which can cause the
pluto IKE daemon to restart when receiving an IKE transform containing
AES_XCBC.

New features are ESN support (esn=yes|no|either, default no),
support for a vendorid for Opportunistic Encryption, and the option
drop-oppo-null=no to not answer Opportunistic IPsec requests. IKEv1
responders no longer retransmit the first reply packet to avoid being
abused in an amplification attack. DCOOKIE support has been improved
to better counter TRANSCRIPT attacks.

Fixes include better CRL/OCSP handling, memory leak fixes, some bogus
connection duplication fixes, corrected nonce size for SHA2, a
new implementation of IKEv2 proposal parsing preventing long delays,
proper handling of shared IKE SAs, and improved handling of aggressive
mode with packet loss and dynamic dns based connections.


You can download libreswan via https at:

https://download.libreswan.org/libreswan-3.17.tar.gz
https://download.libreswan.org/libreswan-3.17.tar.gz.asc

The full changelog is available at: https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailing lists or at our bug tracker:

https://lists.libreswan.org/
https://bugs.libreswan.org/

Binary packages for RHEL/EPEL and Debian/Ubuntu can be found at
https://download.libreswan.org/binaries/

Binary packages for Fedora can be found in the respective fedora
repositories.

See also https://libreswan.org/

v3.17 (April 4, 2016)
* SECURITY: CVE-2016-3071: IKEv2 aes_xcbc transform causes restart [Andrew]
* pluto: replace make variable HAVE_NO_FORK with USE_FORK, USE_DAEMON, and USE_VFORK [Andrew]
* pluto: add make variable USE_PTHREAD_SETSCHEDPRIO used by Darwin [Andrew]
* IKEv2: Add Vendor ID support and VID_OPPORTUNISTIC [Paul]
* IKEv2: Send VID_OPPORTUNISTIC when doing AUTH-NULL Opportunistic IPsec [Paul]
* IKEv2: New keyword drop-oppo-null=no|yes (default no) [Paul]
* IKEv2: ikev2_out_generic{_raw}() functions [Paul]
* IKEv2: Raise minimum nonce size from 8 to 16 bytes as per RFC-7296 [Paul]
* IKEv2: Ignore IKE_INIT replies with DOS COOKIE > 64 bytes [Paul]
* IKEv2: Fix memory leak of dcookies [Paul]
* IKEv2: Switch pluto to native IKEv2 SA code, disentangle from IKEv1 [Andrew]
* IKEv2: Log local and remote IKE and ESP/AH proposal sets [Andrew]
* IKEv2: ESN support (XFRM only) via esn=yes|no|either (default no) [Paul]
* IKEv2: Do not include aes_xcbc in proposal list until NSS supports it [Paul]
* IKEv2: Prefer sha2_512 over sha2_256 over sha1 [Paul]
* IKEv2: Use SHA2-256 instead of SHA1 as hash algorithm for dcookies [Paul]
* IKEv2: Validate unexpected dcookies to limit TRANSCRIPT attack [Paul]
* IKEv2: Don't duplicate failed IKE SA every pending cycle of 120s [Paul]
* IKEv2: add --impair-send-bogus-dcookie for testing [Paul]
* IKEv1: Packet retransmit fixes for Main/Aggr/Xauth modes [Paul]
* IKEv1: Minor logging changes for DPD/NAT-T/AGGR [Paul]
* IKEv1: Prefix a few functions with ikev1_* where not obvious [Paul]
* IKEv1: Always send modecfg banner and domain if they are set [Lubomir Rintel]
* pluto: fetch crls from middleCA/endcert AIA distribution points [Kim/Mika]
* pluto: crls must be refreshed periodically, not only near expiry [Kim/Mika]
* pluto: Raise IKEv1 and IKEv2 default nonce size from 16 to 32 bytes [Paul]
* pluto: Don't delete IKE SA when shared with multiple connections [Paul]
* pluto: connection restart failed for dynamic dns conns [Wolfgang]
* pluto: Ignore tentative and failed IPv6 addresses [Lubomir Rintel]
* pluto: Fix various coverity warnings and corner cases [Hugh, Paul]
* pluto: Rename *xauthusername= to *username= (keep compat alias) [Paul]
* pluto: accept/verify the KE contents before creating the state [Andrew]
* pluto: Parse the IKE SA proposals before creating the state [Andrew]
* pluto/rsasigkey: libgmp functions obsoleted by native NSS [Andrew]
* pluto: Be more careful handling realloc() failure [Hugh]
* pluto: Fix leaks in NSS/certificate handling code [William Rios]
* pluto: Refuse to load conns with protoport=XX/%any on both sides [Paul]
* pluto: Ignore unsupported keys from the NSS database [Andrew]
* rsasigkey: Only print the comment line, pubkey and CKAID [Paul]
* secrets: Remove wrapper for "ipsec secrets" and make it inline [Paul]
* libipsecconf: Make handling of policy bits more systematic [Hugh]
* barf: Only sysvinit printed the string "subsystem" [Paul]
* FIPS: Code cleanup and misc. fixes [Andrew / Paul]
* FIPS: Add _import_crl to the FIPS file list [Paul]
* KLIPS: Support for Linux 4.4.x kernel (lsw#256) [Wolfgang]
* KLIPS: IPv6 can't determine routing device (lsw#237) [Wolfgang]
* KLIPS: Fix pluto compile for USE_KLIPS=false [Paul]
* barf: Does not show pluto log correctly in the output (rhbz#1309764) [Paul]
* packaging: debian/ fixes [Marc-Christian Petersen / Tuomo]
* sysvinit: Fix displaying number of tunnels in status command [Paul]
* Bugtracker bugs fixed:
    #258 DPD with dynamic dns can't reconnect a host connection [Wolfgang]