Version 5.0.4 » History » Version 1
Tobias Brunner, 30.04.2013 14:38
| 1 | 1 | Tobias Brunner | h1. Version 5.0.4 |
|---|---|---|---|
| 2 | 1 | Tobias Brunner | |
| 3 | 1 | Tobias Brunner | * Fixed a security vulnerability in the _openssl_ plugin which was reported by |
| 4 | 1 | Tobias Brunner | Kevin Wojtysiak. The vulnerability has been registered as "CVE-2013-2944":http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2944. |
| 5 | 1 | Tobias Brunner | Before the fix, if the _openssl_ plugin's ECDSA signature verification was used, |
| 6 | 1 | Tobias Brunner | due to a misinterpretation of the error code returned by the OpenSSL |
| 7 | 1 | Tobias Brunner | @ECDSA_verify()@ function, an empty or zeroed signature was accepted as a |
| 8 | 1 | Tobias Brunner | legitimate one. |
| 9 | 1 | Tobias Brunner | Refer to "our blog":http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-(cve-2013-2944).html for details. |
| 10 | 1 | Tobias Brunner | |
| 11 | 1 | Tobias Brunner | * The handling of a couple of other non-security relevant OpenSSL return codes |
| 12 | 1 | Tobias Brunner | was fixed as well. |
| 13 | 1 | Tobias Brunner | |
| 14 | 1 | Tobias Brunner | * The _tnc_ifmap_ plugin now publishes virtual IPv4 and IPv6 addresses via its |
| 15 | 1 | Tobias Brunner | TCG TNC IF-MAP 2.1 interface. |
| 16 | 1 | Tobias Brunner | |
| 17 | 1 | Tobias Brunner | * The _charon.initiator_only_ [[strongswan.conf]] option causes charon to ignore |
| 18 | 1 | Tobias Brunner | IKE initiation requests. |
| 19 | 1 | Tobias Brunner | |
| 20 | 1 | Tobias Brunner | * The _openssl_ plugin can now use the _openssl-fips_ library. |