[Swan-dev] [Swan-announce] libreswan-4.14 released to address CVE-2024-2357 and compile fix for 4.13
The Libreswan Team
team at libreswan.org
Tue Mar 12 03:08:03 EET 2024
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Apologies for the quick followup. The 4.13 release contained a compile
error that has been fixed in this 4.14 followup release.
The Libreswan Project has released libreswan-4.14
4.14 only contains a compile and testcase fix for 4.13. The 4.13 releas
details are included below:
This is a security release that addresses one minor CVEs and a few bugfixes:
* Security: Fixes http://libreswan.org/security/CVE-2024-2357
* BSD: fix esp=aes_gcm [Andrew]
* x509: unpack IPv6 general names based on length [Andrew]
* pluto: TFC padding was not set for AEAD algorithms [SaiKumarCholleti at github]
* compile fix for 4.13
The vulnerability disclosed in CVE-2024-2357 can only be triggered
when using IKEv2 with PreSharedKey (authby=secret) when no matching
secret has been loaded into pluto.
For details and patches see:
https://libreswan.org/security/CVE-2024-2357
You can download libreswan via https at:
https://download.libreswan.org/libreswan-4.14.tar.gz
https://download.libreswan.org/libreswan-4.14.tar.gz.asc
The full changelog is available at: https://download.libreswan.org/CHANGES
Please report bugs either via one of the mailinglists or at our bug
tracker:
https://lists.libreswan.org/
https://github.com/libreswan/libreswan/
Binary packages for Fedora and Debian should be available in their
respective repositories a few days after this release.
See also https://libreswan.org/
v4.14 (March 11, 2024)
* Fix compile error in 4.13 in gntoid() [Andrew]
* testing: fixup ikev2-tfc-03 for padded packets [Andrew/Paul]
v4.13 (March 11, 2024)
* Security: Fixes http://libreswan.org/security/CVE-2024-2357
* Linux: make libcap-ng failures non-fatal [Andrew]
* BSD: fix esp=aes_gcm [Andrew]
* NetBSD: fix compiler warning in lib/libswan/x509.c [Andrew]
* x509: unpack IPv6 general names based on length [Andrew]
* pluto: TFC padding was not set for AEAD algorithms [SaiKumarCholleti at github]
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmXvquITHHRlYW1AbGli
cmVzd2FuLm9yZwAKCRCF/0tDsw/G+T/ED/41cASoBVqObMss/3TBmUJ92Xvz8T+g
IsbpCB7EBZTV2jkaT+CrXCGJBFFzaY0kVdjcVZ/AfuiihKKiORP6mcj5Qfvvs65K
vkj4WrSTDdKIBqQIwh0jl93hTlt22hy/rXEHfGbe+YKVwmRJxYR+I4lN/4qeSeht
o0oORtqmhbmA5CEpGEBzbjskqn/EuAU6O2QaXg35d39jDUaNDamGFCoJ0H0Jkl+q
pYiw1NIKl3QBZoKQia66uynk/eIBFJOooRnkAO1qq9TURMTydlRPb47LyX0tbwOi
Eqrqp73PJVpSZRACyqpTMpswcXcT4r4aVlSbT5yfCnmKvzKyWExIogNdiPiefhD1
ED+QzrtZkuM5m9bv5TWYTnkAsbGbWNMCbco3ybDEOv/4dK8k0e/t28TckQZiwtKC
6myat671fD93Tb23cyjCNmlBmRGt29qXML8T8EAzloFWSESGSoNxWuC0f+RIbqtS
uWTlIvsjnNhnVilbVe1Y5o11NCPmjPsH7F1EtrxjHdIwUygkM8fV63YOKAlB49LR
4ICo8cUDlkXnT+zhl176H3Vs2rQZqkOL6qJGjhmQtGmAtf+ZxVidLovZSRmDU3bO
G90bThVwibrRXaDuQ+388LZvxfNVaULZkkvVPLkOZaecuDb+gHuoUJigK4Onm/9n
YlSBoxoKFNOXxw==
=1IPf
-----END PGP SIGNATURE-----
_______________________________________________
Swan-announce mailing list
Swan-announce at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-announce
More information about the Swan-dev
mailing list