Version 4.2.14 » History » Version 3
Tobias Brunner, 01.09.2009 14:27
Changes for Version 4.2.14
1 | 3 | Tobias Brunner | h1. Version 4.2.14 |
---|---|---|---|
2 | 3 | Tobias Brunner | |
3 | 3 | Tobias Brunner | * The new server-side EAP RADIUS plugin (--enable-eap-radius) |
4 | 3 | Tobias Brunner | relays EAP messages to and from a RADIUS server. Successfully |
5 | 3 | Tobias Brunner | tested with a FreeRADIUS server using EAP-MD5 and EAP-SIM. |
6 | 3 | Tobias Brunner | |
7 | 3 | Tobias Brunner | * A vulnerability in the Dead Peer Detection (RFC 3706) code was found by |
8 | 3 | Tobias Brunner | Gerd v. Egidy <gerd.von.egidy AT intra2net DOT com> of Intra2net AG affecting |
9 | 3 | Tobias Brunner | all Openswan and strongSwan releases. A malicious (or expired ISAKMP) |
10 | 3 | Tobias Brunner | R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the |
11 | 3 | Tobias Brunner | pluto IKE daemon to crash and restart. No authentication or encryption |
12 | 3 | Tobias Brunner | is required to trigger this bug. One spoofed UDP packet can cause the |
13 | 3 | Tobias Brunner | pluto IKE daemon to restart and be unresponsive for a few seconds while |
14 | 3 | Tobias Brunner | restarting. This DPD null state vulnerability has been officially |
15 | 3 | Tobias Brunner | registered as CVE-2009-0790 and is fixed by this release. |
16 | 3 | Tobias Brunner | |
17 | 3 | Tobias Brunner | * ASN.1 to time_t conversion caused a time wrap-around for |
18 | 3 | Tobias Brunner | dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms. |
19 | 3 | Tobias Brunner | As a workaround such dates are set to the maximum representable |
20 | 3 | Tobias Brunner | time, i.e. Jan 19 03:14:07 UTC 2038. |
21 | 3 | Tobias Brunner | |
22 | 3 | Tobias Brunner | * Distinguished Names containing wildcards (*) are not sent in the |
23 | 3 | Tobias Brunner | IDr payload anymore. |
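
The clamping workaround from the ASN.1 to time_t item above, as an added example that is not strongSwan's own code: a GeneralizedTime string is parsed into a 64-bit second count and then narrowed to 32 bits, once by plain truncation (which wraps) and once clamped to the maximum representable time. The function names and the sample date are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Days since 1970-01-01 for a proleptic Gregorian date. */
static int64_t days_from_civil(int y, int m, int d)
{
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    return era * 146097 + (yoe * 365 + yoe / 4 - yoe / 100 + doy) - 719468;
}

/* "YYYYMMDDHHMMSSZ" -> 64-bit epoch seconds; 0 on success, -1 if malformed. */
int gentime_to_epoch64(const char *s, int64_t *out)
{
    int f[6], i, n, pos = 0;   /* year, month, day, hour, minute, second */
    if (strlen(s) != 15 || s[14] != 'Z')
        return -1;
    for (i = 0; i < 6; i++)
        for (f[i] = 0, n = i ? 2 : 4; n-- > 0; pos++) {
            if (s[pos] < '0' || s[pos] > '9')
                return -1;
            f[i] = f[i] * 10 + (s[pos] - '0');
        }
    if (f[1] < 1 || f[1] > 12 || f[2] < 1 || f[2] > 31 ||
        f[3] > 23 || f[4] > 59 || f[5] > 59)   /* days-per-month not checked */
        return -1;
    *out = days_from_civil(f[0], f[1], f[2]) * 86400
         + f[3] * 3600 + f[4] * 60 + f[5];
    return 0;
}

/* Naive narrowing to 32 bits: wraps to a negative time past the limit. */
int32_t narrow_wrapping(int64_t t) { return (int32_t)(uint32_t)t; }
/* Clamped narrowing: later dates become the maximum representable time. */
int32_t narrow_clamped(int64_t t)
{
    return t > INT32_MAX ? INT32_MAX : t < INT32_MIN ? INT32_MIN : (int32_t)t;
}

int main(void)
{
    int64_t t;
    if (gentime_to_epoch64("20500101000000Z", &t) == 0)   /* constructed input */
        printf("wrapped=%d clamped=%d\n", (int)narrow_wrapping(t), (int)narrow_clamped(t));
    return 0;
}
```

With the wrapping conversion a certificate valid until 2050 appears to have expired decades ago; with clamping it stays valid until the 32-bit limit.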