strongswan/strongswan-5.0.4.tar.bz2.sig
Marius Tomaschewski 2fa10a3109 - Updated to strongSwan 5.0.4 release (bnc#815236, CVE-2013-2944):
- Fixed a security vulnerability in the openssl plugin which was
    reported by Kevin Wojtysiak.  The vulnerability has been registered
    as CVE-2013-2944. Before the fix, if the openssl plugin's ECDSA
    signature verification was used, due to a misinterpretation of the
    error code returned by the OpenSSL ECDSA_verify() function, an empty
    or zeroed signature was accepted as a legitimate one. Refer to our
    blog for details.
  - The handling of a couple of other non-security relevant OpenSSL
    return codes was fixed as well.
  - The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses
    via its TCG TNC IF-MAP 2.1 interface.
  - The charon.initiator_only strongswan.conf option causes charon to
    ignore IKE initiation requests.
  - The openssl plugin can now use the openssl-fips library.
  The version 5.0.3 provides new ipseckey plugin, enabling authentication
  based on trustworthy public keys stored as IPSECKEY resource records in
  the DNS and protected by DNSSEC and new openssl plugin using the AES-NI
  accelerated version of AES-GCM if the hardware supports it.
  See http://wiki.strongswan.org/projects/strongswan/wiki/Changelog50
  for a list of all changes since the 5.0.1 release.

OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=58
2013-04-30 13:10:58 +00:00

15 lines
665 B
Standard ML

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQGcBAABAgAGBQJRflW/AAoJEN9CwXCzTbp3q+oL/jtA73UxuENW3JuA2vgXsHeU
jpWXDfM1GLEIKgy41D2+ajqx7l1amxM4ZOqtQZhFTMXs4EwWDIxpUl8RiARkwJy6
ueciwMnsmAbC3tmPa85JwnbgrXrMZX5IfUYRx8+3DdeIuh8gxDOu2nvYGqSdIbh2
8jN4x21wUQ+9mLz04VmuMKAmImoAitv8z89NVg6ZNiBEiYUfFdrkCepS7IGAY1ie
pmmYM4svK7LLuXIlQKMyq7mXccjFD0sjM3SS6cIZlxIcOlXuKMa7xmVlkfktz816
qz8XVOtD2zRiJuxjB92W9BW5Xr/+p5kXx995GjGitxv8g3CTTlPeg4GUciH6TGSW
46lQ36XHKQX/NccgymWYMkXmZbMbacyglz3ShR0OO/aM1/cVlQ9qiHccZDh7gt9+
fnfTAZn0RAfbe1zYKNn1h2BoY+LxscjnaX27oWxqI7KbrfrusZiyZic5twSeADcM
khfIOGVyOCjwTThAuGpu6p09NqoYNm6Y/9Aj+R5NiA==
=gI6I
-----END PGP SIGNATURE-----