[Swan-dev] [Swan-announce] libreswan-5.0 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-5.0 This release is a major release with many features and bugfixes. It also contains some changes to the defaults, removal of obsoleted options/keywords and introduction of new options/keywords. W

[Swan-dev] [Swan-announce] libreswan-5.0rc3 Release Candidate 3 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has issued a Release Candidate 3 for libreswan-5.0 This release is a major release with many features and bugfixes. We strongly encourage developers, system integrators, and distribution vendors to carefully test this

[Swan-dev] [Swan-announce] libreswan-4.15 released to address CVE-2024-3652

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Release date: Monday, April 15, 2024 Contact: secur...@libreswan.org PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9 === CVE-2024-3652: IKEv1 default AH/ESP responder can crash

[Swan-dev] [Swan-announce] libreswan-4.14 released to address CVE-2024-2357 and compile fix for 4.13

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Apologies for the quick followup. The 4.13 release contained a compile error that has been fixed in this 4.14 followup release. The Libreswan Project has released libreswan-4.14 4.14 only contains a compile and testcase fix for 4.13. The 4.13

[Swan-dev] [Swan-announce] libreswan-5.0rc2 Release Candidate 2 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has issued a Release Candidate 2 for libreswan-5.0 This release is a major release with many features and bugfixes. We strongly encourage developers, system integrators, and distribution vendors to carefully test this

[Swan-dev] [Swan-announce] libreswan-4.13 released to address CVE-2024-2357

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-4.13 This is a security release that addresses one minor CVEs and a few bugfixes: * Security: Fixes http://libreswan.org/security/CVE-2024-2357 * BSD: fix esp=aes_gcm [Andrew] * x509: unpack IPv6

[Swan-dev] [Swan-announce] libreswan-5.0rc1 Release Candidate 1 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has issued a Release Candidate 1 for libreswan-5.0 This release is a major release with many features and bugfixes. We strongly encourage developers, system integrators, and distribution vendors to carefully test this

[Swan-dev] [Swan-announce] libreswan-4.12 released to address CVE-2023-38710, CVE-2023-38711 and CVE-2023-38712

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-4.12 This is a security release that addresses three minor CVEs and a bugfix: CVE-2023-38710: Invalid IKEv2 REKEY proposal causes restart CVE-2023-38711: Invalid IKEv1 Quick Mode ID causes restart

[Swan-dev] [Swan-announce] libreswan-4.11 released to address CVE-2023-30570

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-4.11 This is a security release that only addresses CVE-2023-30570. CVE-2023-30570 can cause libreswan to restart after receiving retransmitted IKEv1 Aggressive Mode packet from an unauthenticated

[Swan-dev] [Swan-announce] libreswan-4.10 released to address CVE-2023-23009

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Subject: libreswan-4.10 released to address CVE-2023-23009 The Libreswan Project has released libreswan-4.10 This is a security release that addresses CVE-2023-23009 as well as a potential crasher in IKEv1 when using multiple subnets.

[Swan-dev] [Swan-announce] libreswan-4.8 released, maintenance release

The Libreswan Project has released libreswan 4.8 This release adds support for ipsec-max-bytes= and ipsec-max-packets=, and adds raw (non-certificate) ECDSA support using leftpubkey= and rightpubkey= This latest version of libreswan can be downloaded from:

[Swan-dev] [Swan-announce] libreswan-4.7 released, bufix release and EAPTLS support

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan 4.7 This release adds support for EAPTLS, FreeBSD/NetBSD fixes, and fixes an interop issue with Android 12. This latest version of libreswan can be downloaded from:

[Swan-dev] [Swan-announce] libreswan-4.6 released to address CVE-2022-23094

You can download libreswan via https at: https://download.libreswan.org/libreswan-4.6.tar.gz https://download.libreswan.org/libreswan-4.6.tar.gz.asc The full changelog is available at: https://download.libreswan.org/CHANGES -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Release date:

[Swan-dev] [Swan-announce] Security vulnerability in NSS crypto library affecting libreswan

, the Libreswan Team cannot rule out that this exploit can lead to an attacker gaining Remote Code Execution on servers running libreswan. To trigger this exploit, no authentication credentials are required. The vulnerability uses a malicious X.509 certificate signature, but even connections not using

[Swan-dev] [Swan-announce] libreswan-4.5 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan 4.5 This is a bugfix release. The Labeled IPsec for IKEv2 now uses 1 set of SPD policies for all sets of SPD states. Libreswan now supports RFC 6023 (Childless SA) which is required for auto=start

[Swan-dev] [Swan-announce] libreswan-4.4 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan 4.4 This is a bugfix release. It includes improved connection switching, fixes for IKEv2 Labeled IPsec and IPsec over TCP fixes. This latest version of libreswan can be downloaded from:

[Swan-dev] [Swan-announce] VPN System Role support for libreswan released

Libreswan based VPN System Role available The Linux System Roles are a set of Ansible Roles, also available as an Ansible Collection, used to manage and configure common GNU/Linux operating system components. Conceptually, the intent is to provide for the operating system components an

[Swan-dev] [Swan-announce] libreswan-4.2 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan 4.2 This is a minor feature and bugfix release. This release introduces IKEv2 Labeled IPsec support as defined in draft-ietf-ipsecme-labeled-ipsec. A new auto=keep allows for a responder/server to

[Swan-dev] [Swan-announce] libreswan 4.1 released to address urgent Cisco interoperability issue

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan 4.1 This is a major bugfix release. A bug in libreswan 4.0 that rejected invalid IKEv2 Notify protocol ID's instead of ignoring these as per RFC 7296 resulted in an interoperability issue with some

[Swan-dev] [Swan-announce] libreswan-4.0 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-4.0 This is a major feature and cleanup release. The major release number was increased to signify some major changes. Please ensure you extensively test libreswan 4.0 before upgrading production

[Swan-dev] [Swan-announce] libreswan-3.32 released to address CVE-2020-1763 [version corrected]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-3.32 (previous announcement was mistakenly referring to 3.33) This is a security release that addresses CVE-2020-1763. This vulnerability can cause libreswan to restart after receiving an

[Swan-dev] [Swan-announce] libreswan-3.33 released to address CVE-2020-1763

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-3.32 This is a security release that addresses CVE-2020-1763. This vulnerability can cause libreswan to restart after receiving an unauthenticated bogus IKEv1 Informational Exchange packet. For

[Swan-dev] [Swan-announce] libreswan-3.31 released

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The Libreswan Project has released libreswan-3.31 This is a bugfix release. It fixes IKEv2 IPv4 rekeying that was broken in 3.30. It also adds support for XFRM interfaces to IKEv1 to help migration from KLIPS to XFRM, and an updown script fix