[strongSwan] ANNOUNCE: strongswan-4.4.1 released

Thomas Jarosch thomas.jarosch at intra2net.com
Mon Aug 2 16:47:35 CEST 2010


On Monday, 2. August 2010 16:14:51 Andreas Steffen wrote:
> - snprintf vulnerability
>    ----------------------
>    A potential remote code execution vulnerability resulting from
>    the misuse of snprintf() was fixed. The vulnerability was
>    introduced with the strongswan-4.3.3 release and is exploitable
>    by unauthenticated users. Patches for all releases starting with
>    4.3.3 are available under the following link:
>    http://download.strongswan.org/patches/08_snprintf_patch/
>    Also a new 4.3.7 release has been made available for 4.3.x users

Whoops. Thanks for providing the patches! Testing 4.3.7 right now.

Best regards,
Thomas Jarosch

More information about the Users mailing list