jengelh/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity
0e5610efdc
strongswan/strongswan-5.9.4.tar.bz2.sig

15 lines
659 B
Standard ML
Raw Normal View History

Accepting request 933151 from home:iznogood:branches:network:vpn - Update to version 5.9.4: * Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990. Please refer to our blog for details. * Fixed a denial-of-service vulnerability in the in-memory certificate cache if certificates are replaced and a very large random value caused an integer overflow. This vulnerability has been registered as CVE-2021-41991. Please refer to our blog for details. * Fixed a related flaw that caused the daemon to accept and cache an infinite number of versions of a valid certificate by modifying the parameters in the signatureAlgorithm field of the outer X.509 Certificate structure. * AUTH_LIFETIME notifies are now only sent by a responder if it can't reauthenticate the IKE_SA itself due to asymmetric authentication (i.e. EAP) or the use of virtual IPs. * Several corner cases with reauthentication have been fixed (48fbe1d, 36161fe, 0d373e2). * Serial number generation in several pki sub-commands has been fixed so they don't start with an unintended zero byte. * Loading SSH public keys via vici has been improved. * Shared secrets, PEM files, vici messages, PF_KEY messages, swanctl configs and other data is properly wiped from memory. * Use a longer dummy key to initialize HMAC instances in the openssl plugin in case it's used in FIPS-mode. * The --enable-tpm option now implies --enable-tss-tss2 as the plugin doesn't do anything without a TSS 2.0. * libtpmtss is initialized in all programs and libraries that use it. * Migrated testing scripts to Python 3. OBS-URL: https://build.opensuse.org/request/show/933151 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=128
2021-11-22 21:53:44 +01:00
-----BEGIN PGP SIGNATURE-----
iQGzBAABCgAdFiEElI8Vik52onvz0HUy30LBcLNNuncFAmFtRUEACgkQ30LBcLNN
undRkwwAo22C+tsCWS+QFmAZZ7l2pMrYYwCSFJns+wVnzw5+7hhGR3JysoDnf+9A
706SKcEPWnlXI7BwAk/9hdTDxdzfYQ7FEOJRZVk6+wOsodwR/EJpETj7OLGYbu/u
tsTIPkJCtVPtO/v+3H4pnrdG+KRNTynN4vNzyWSjwNEw3yGusk0jiidsdhr7I+cy
X6VG+cOkAVjjyWUHToxUufVEeJybAFhaeR39/mpBLk2xBF4e6/L+BQYjnsqleeAh
Yj8txL7FgVymsm09LrrzSEcY1ntXRobzKZqDJA8u3fxDvn19hAhb07uo3pnk3G05
NPvXFNqhYjyY5qaiQxiCXpOEliJUOZuPU4VM2WL2t2obAW1gWEjNXeWc9YjocIEf
BLGZttfj5iM8Htt486YzdPW4uqR/MnuoRHbr4vFG7NWs4Mw2dAtSQWXu8k/PmoxH
5gmxJwjyp8WBhEe3ZCczd1bnCz5+Ms8ycq3Icnvd837ZJalXVrxZAma/He83u7fF
hVkK6RLz
=05ZP
-----END PGP SIGNATURE-----
Copy Permalink