[strongSwan] ANNOUNCE: strongSwan 5.1.0 released including fix for CVE-2013-5018

Andreas Steffen andreas.steffen at strongswan.org
Wed Aug 7 14:28:32 CEST 2013


Hi,

we are happy to announce the latest stable strongSwan 5.1.0 release.
A list of the many new features can be found in the following blog
entry:

http://www.strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html

Shortly before the software release, one of our users reported a crash
of the charon daemon which we quickly identified as a Denial-of-Service
vulnerability that can be easily exploited. We decided to fix this
fault without delay and to include the patch in the 5.1.0 release.
For details refer to the separate blog entry:

http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html

If you are running a productive system with either strongSwan 5.0.3
or 5.0.4 and are using IKEv2 EAP or IKEv1 XAUTH password-based
user authentication then we urge you to either patch the source code
or update to 5.1.0. We apologize for any inconveniences.

Best regards

Tobias Brunner, Martin Willi, Andreas Steffen

The strongSwan Team

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130807/39b1e342/attachment.bin>


More information about the Users mailing list