[Swan-dev] [Swan-announce] libreswan-4.11 released to address CVE-2023-30570

The Libreswan Team team at libreswan.org
Thu May 4 01:19:34 EEST 2023


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


The Libreswan Project has released libreswan-4.11

This is a security release that only addresses CVE-2023-30570.

CVE-2023-30570 can cause libreswan to restart after receiving
retransmitted IKEv1 Aggressive Mode packet from an unauthenticated peer.

Configurations of libreswan that do not accept any IKEv1 Aggressive Mode
packets (eg do not have ikev2=no with aggressive=yes) are not affected.

For details and patches see:

https://libreswan.org/security/CVE-2023-30570

You can download libreswan via https at:

https://download.libreswan.org/libreswan-4.11.tar.gz
https://download.libreswan.org/libreswan-4.11.tar.gz.asc

The full changelog is available at: https://download.libreswan.org/CHANGES

Please report bugs either via one of the mailinglists or at our bug
tracker:

https://lists.libreswan.org/
https://github.com/libreswan/libreswan/

Binary packages for RHEL/CentOS can be found at:
https://download.libreswan.org/binaries/

Binary packages for Fedora and Debian should be available in their
respective repositories a few days after this release.

See also https://libreswan.org/

v4.11 (May 3, 2023)
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-30570

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmRS3c8THHRlYW1AbGli
cmVzd2FuLm9yZwAKCRCF/0tDsw/G+R9qD/96FbLXI7jgYYmqsW7xLpMwEmTfJrQu
DovyIlWkaMNfLfEgzcq3U+UT2QcvV6dJRnNP9gBxwh3ih0AiNL3w0VAErNdaOhI3
xcd8XVdihfBYLfbhpg41hNAQGdVOvTPiLCSm7rFuWKwTXbdZz24v5QKj1iDcQxJi
f+V49FXw7kRhmpvaxIr5eXs31NkoX0TUqnXEXTimTZxaFIBBvff2j20bQJiQMJGO
NNt7gPjaDgpWi8T4V+nXrFfuiAQSNZj3PQi3zsGF18Cd3bt+XhlnwJYJB7vfRDUF
o2fhcbEW5OZupXccRfoi6o7KE5yPVIH557IILwZHq/7Hrsf6DXbMnL4dzxFMRB2O
0WY45Rcw/uvonjPYVc1vovCKR7/+tH4HbJgxRIvWrUP9CLxC8becFJuQKSLqSq4+
bZgz4mYsfVF7aqi0/2N7vMMG6DbvH2PNZKYq6V6Fc3wxnHeSkEked89N2c4AFW6c
qdHDRo0XOvMm3LbXBd0ISAT2sS1E99TRSFAwZDV9O7sK1YbSeaELMSMqheyvYw4p
B8pcYYUbYiA1PDQPC8NdjISQnnOsIu8PUGdrVX7XUPl05rMRTf/yGEnEwh2nKy5+
XQU2qXKPufMgZlWhm3bMeyQ96nLOCWlumGB3nn/PIUhnvB2STazIYAOvdM85guQB
AzsI360E/EV4og==
=m0Ug
-----END PGP SIGNATURE-----
_______________________________________________
Swan-announce mailing list
Swan-announce at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-announce


More information about the Swan-dev mailing list