Version 4.2.14¶

• The new server-side EAP RADIUS plugin (--enable-eap-radius)
  relays EAP messages to and from a RADIUS server. Succesfully
  tested with with a freeradius server using EAP-MD5 and EAP-SIM.

• A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
  Gerd v. Egidy <gerd.von.egidy AT intra2net DOT com> of Intra2net AG affecting
  all Openswan and strongSwan releases. A malicious (or expired ISAKMP)
  R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the
  pluto IKE daemon to crash and restart. No authentication or encryption
  is required to trigger this bug. One spoofed UDP packet can cause the
  pluto IKE daemon to restart and be unresponsive for a few seconds while
  restarting. This DPD null state vulnerability has been officially
  registered as CVE-2009-0790 and is fixed by this release.

• ASN.1 to time_t conversion caused a time wrap-around for
  dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
  As a workaround such dates are set to the maximum representable
  time, i.e. Jan 19 03:14:07 UTC 2038.

• Distinguished Names containing wildcards (*) are not sent in the
  IDr payload anymore.