[Announce] ANNOUNCE: strongSwan 5.1.0 released including fix for CVE-2013-5018
Andreas Steffen
andreas.steffen at strongswan.org
Wed Aug 7 14:28:32 CEST 2013
Hi,
we are happy to announce the latest stable strongSwan 5.1.0 release.
A list of the many new features can be found in the following blog
entry:
http://www.strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html
Shortly before the software release, one of our users reported a crash
of the charon daemon which we quickly identified as a Denial-of-Service
vulnerability that can be easily exploited. We decided to fix this
fault without delay and to include the patch in the 5.1.0 release.
For details refer to the separate blog entry:
http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html
If you are running a productive system with either strongSwan 5.0.3
or 5.0.4 and are using IKEv2 EAP or IKEv1 XAUTH password-based
user authentication then we urge you to either patch the source code
or update to 5.1.0. We apologize for any inconveniences.
Best regards
Tobias Brunner, Martin Willi, Andreas Steffen
The strongSwan Team
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.strongswan.org/pipermail/announce/attachments/20130807/39b1e342/attachment.bin
More information about the Announce
mailing list