Duncan Napier wrote:
Hi,I have not had time recently to do much in the way of maintainence on Dachstein, and while attempts at recruiting others to assist usually result in an initial flurry of activity, there never seems to be enough sustained effort to generate a new release.
I was wondering if Dachstein is still being maintained, and if so whether there are any plans to update the IPSec components to something newer than FreeS/WAN 1.9.6?
Essentially, the issue is that certain types of malformed IPSec packets can cause kernel panics in vulnerable versions (FreeS/WAN v. 1.9.6 and older):
http://online.securityfocus.com/bid/6011/info/
If you are worried about the FreeS/WAN vunerabilities, you will have to update the ipsec packages for Dachstein yourself, or migrate to Bering, which includes a newer version of FreeS/WAN.
Details on how to build the kernel (with ipsec support), and modifications to the ipsec scripts required for Dachstein's limited shell environment are on my website (the readme file in the kernel source tarball, and the notes on my ipsec package page, respectively).
--
Charles Steinkuehler
[EMAIL PROTECTED]
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
