Version 1 (Tobias Brunner, 30.03.2015 11:39) → Version 2/3 (Tobias Brunner, 01.06.2015 14:01)

h1. Version 5.3.1

* Fixed a denial-of-service and potential remote code execution vulnerability
triggered by IKEv1/IKEv2 messages that contain payloads for the respective
other IKE version. Such payloads are treated specially since version:5.2.2 but because
they were still identified by their original payload type they were used as
such in some places, causing invalid function pointer dereferences.
The vulnerability has been registered as "CVE-2015-3991":http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3991.
Please refer to "our blog":https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991).html for details.

* The new _aesni_ plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
instructions and works on both x86 and x64 architectures. It provides
superior crypto performance in userland without any external libraries.

* Fixed an issue with IKEv2 fragmentation (introduced with version:5.2.1) and encryption
algorithms that use sequential IVs (e.g. AES-GCM). Previously the IKE message ID was
used as IV, but with IKEv2 fragmentation this ID is not unique anymore, causing the
same IV to get used for fragments of the same message. This was fixed by including
the fragment identifier in the IV (commit:62e0abe759).
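As an added illustration (not strongSwan's own code), the following shows why a per-message IV breaks once a message is split into fragments and why folding the fragment identifier into the IV restores uniqueness. The IV layouts and the hash-based CTR keystream are constructed stand-ins for the plugin's real AES-GCM IV generator; the nonce-reuse property they exhibit is the same.

```python
# Added example, not strongSwan code. Constructed stand-in for a CTR-mode
# cipher such as AES-GCM: reusing (key, IV) reuses the keystream.
import hashlib
from itertools import count

KEY = b"constructed-demo-key"   # constructed sample key


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Constructed CTR-style keystream: block i = SHA-256(key || iv || i).
    Only the structural property matters here: same key and IV, same keystream."""
    out = b""
    for i in count():
        if len(out) >= length:
            break
        out += hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
    return out[:length]


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    ks = keystream(key, iv, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def iv_message_id_only(message_id: int, fragment_number: int) -> bytes:
    """Old scheme (assumed 8-byte layout): IV derived from the IKE message ID alone,
    so every fragment of one message gets the same IV."""
    return message_id.to_bytes(8, "big")


def iv_with_fragment(message_id: int, fragment_number: int) -> bytes:
    """Fixed scheme (assumed layout: 4-byte message ID || 4-byte fragment number)."""
    return message_id.to_bytes(4, "big") + fragment_number.to_bytes(4, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def fragment_leak(iv_fn, key: bytes, message_id: int, frag1: bytes, frag2: bytes) -> bool:
    """Encrypt fragments 1 and 2 of the same message under iv_fn.
    Returns True when XOR of the ciphertexts equals XOR of the plaintexts,
    i.e. the keystream was reused and an observer learns frag1 XOR frag2."""
    c1 = encrypt(key, iv_fn(message_id, 1), frag1)
    c2 = encrypt(key, iv_fn(message_id, 2), frag2)
    return xor(c1, c2) == xor(frag1, frag2)
```

With the old derivation `fragment_leak` reports a leak for any two fragments of one message; with the fragment number folded in, the IVs differ and the check fails.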

* The TLS client in _libtls_ now rejects Diffie-Hellman groups with primes < 1024 bit (commit:47e96391f2).

* The accuracy of usage statistics reported via [[EAPRadius#Accounting|RADIUS Accounting]] has been
increased in several situations (e.g. if interim updates occur while rekeying a CHILD_SA).

* A constant time memory comparison utility function (@chunk_equals_const@) was
added for cryptographic purposes (commit:aa9b74931f).

* The interface for DH implementations was extended to enable unit tests (commit:44136bec94).

* Fixed initialization of HMAC primitives in the _openssl_ plugin for newer
OpenSSL releases (commit:c2906c8f21).

* _ike-updown_ and _child-updown_ events are now relayed via VICI (commit:a7e4a2d6c2).

* The Ruby Gems and Python Eggs built with @--enable-ruby-gems|--enable-python-eggs@ are
not installed anymore during @make install@. To install them, the options @--enable-ruby-gems-install@
and/or @--enable-python-eggs-install@ may be passed to [[AutoConf|./configure]] (commit:f16f792e17).

* The source:src/libcharon/plugins/libvici.h header is now licensed under the
MIT license (commit:f17861dca9).