[Announce] ANNOUNCE: strongswan-2.8.11 and strongswan-4.2.17 released
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jul 23 14:28:19 CEST 2009
Hi,
the RDN parser vulnerability discovered by Orange Labs research team
two months ago was not completely fixed by the security patch
http://download.strongswan.org/patches/05_asn1_rdn_patch/
Some more modifications had to be applied to the asn1_length() function
to make it really robust. These modifications are available as a
patch for all strongSwan versions:
http://download.strongswan.org/patches/07_asn1_length_patch/
This fix has been integrated into the latest strongSwan releases 2.8.11,
4.2.17, and 4.3.3 available from http://download.strongswan.org/
Best regards
Andreas
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Announce
mailing list