Hey Everyone,
As of about 3 hours ago, Homebrew should have fwknop 2.6.2. It took awhile
to get the maintainers of Homebrew to facilitate the merge. As usual, if
there are any problems with the fwknop package please let me know.
Cheers!
-Tim
On Mon, Apr 28, 2014 at 6:46 PM, Michael Rash <[email protected]>wrote:
>
> fwknop-2.6.2 has been released:
>
> http://www.cipherdyne.org/fwknop/download/
> https://github.com/mrash/fwknop/releases/tag/2.6.2
>
> This is a bug fix release that addresses the following as described in the
> ChangeLog:
>
> - [libfko] fix double free bug in SPA parser discovered with the new
> python SPA payload fuzzer (see the 'spa_encoding_fuzzing' branch
> which
> is not merged into the master branch yet). This bug could be
> triggered
> in fwknopd with a malicious SPA payload, but only when GnuPG is used
> and
> when an attacker is in possession of valid GnuPG keys listed in the
> access.conf file. In other words, an arbitrary attacker cannot
> trigger
> this bug. Further, when Rijndael is used for SPA packet encryption,
> this
> bug cannot be triggered at all due to an length/format check towards
> the
> end of _rijndael_decrypt(). This bug was introduced in the 2.6.1
> development series, and no previous versions of fwknop are affected.
>
> The spa_encoding_fuzzing branch will be merged back to master soon, and
> here is the fuzzer itself which behind the scenes uses a new #define to
> assist in the effort to fuzz libfko:
>
>
> https://github.com/mrash/fwknop/blob/spa_encoding_fuzzing/test/spa_fuzzing.py
>
> Additional releases in the 2.6.x series will be made to emphasize run time
> function, line, and branch test coverage.
>
> Thanks,
>
> --Mike
>
>
> ------------------------------------------------------------------------------
> "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
> Instantly run your Selenium tests across 300+ browser/OS combos. Get
> unparalleled scalability from the best Selenium testing platform available.
> Simple to use. Nothing to install. Get started now for free."
> http://p.sf.net/sfu/SauceLabs
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>
>
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
