-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-5.0
This release is a major release with many features and bugfixes. It
also contains some changes to the defaults, removal of obsoleted
options/keywords and introduction of new options/keywords.
W
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has issued a Release Candidate 3 for libreswan-5.0
This release is a major release with many features and bugfixes. We
strongly encourage developers, system integrators, and distribution
vendors to carefully test this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Release date: Monday, April 15, 2024
Contact: secur...@libreswan.org
PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9
===
CVE-2024-3652: IKEv1 default AH/ESP responder can crash
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Apologies for the quick followup. The 4.13 release contained a compile
error that has been fixed in this 4.14 followup release.
The Libreswan Project has released libreswan-4.14
4.14 only contains a compile and testcase fix for 4.13. The 4.13
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has issued a Release Candidate 2 for libreswan-5.0
This release is a major release with many features and bugfixes. We
strongly encourage developers, system integrators, and distribution
vendors to carefully test this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-4.13
This is a security release that addresses one minor CVEs and a few bugfixes:
* Security: Fixes http://libreswan.org/security/CVE-2024-2357
* BSD: fix esp=aes_gcm [Andrew]
* x509: unpack IPv6
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has issued a Release Candidate 1 for libreswan-5.0
This release is a major release with many features and bugfixes. We
strongly encourage developers, system integrators, and distribution
vendors to carefully test this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-4.12
This is a security release that addresses three minor CVEs and a bugfix:
CVE-2023-38710: Invalid IKEv2 REKEY proposal causes restart
CVE-2023-38711: Invalid IKEv1 Quick Mode ID causes restart
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-4.11
This is a security release that only addresses CVE-2023-30570.
CVE-2023-30570 can cause libreswan to restart after receiving
retransmitted IKEv1 Aggressive Mode packet from an unauthenticated
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Subject: libreswan-4.10 released to address CVE-2023-23009
The Libreswan Project has released libreswan-4.10
This is a security release that addresses CVE-2023-23009 as well
as a potential crasher in IKEv1 when using multiple subnets.
The Libreswan Project has released libreswan 4.8
This release adds support for ipsec-max-bytes= and
ipsec-max-packets=, and adds raw (non-certificate)
ECDSA support using leftpubkey= and rightpubkey=
This latest version of libreswan can be downloaded from:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan 4.7
This release adds support for EAPTLS, FreeBSD/NetBSD fixes, and
fixes an interop issue with Android 12.
This latest version of libreswan can be downloaded from:
You can download libreswan via https at:
https://download.libreswan.org/libreswan-4.6.tar.gz
https://download.libreswan.org/libreswan-4.6.tar.gz.asc
The full changelog is available at: https://download.libreswan.org/CHANGES
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Release date:
, the Libreswan Team
cannot rule out that this exploit can lead to an attacker gaining Remote
Code Execution on servers running libreswan. To trigger this exploit,
no authentication credentials are required.
The vulnerability uses a malicious X.509 certificate signature, but
even connections not using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan 4.5
This is a bugfix release. The Labeled IPsec for IKEv2 now uses 1 set of
SPD policies for all sets of SPD states. Libreswan now supports RFC 6023
(Childless SA) which is required for auto=start
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan 4.4
This is a bugfix release. It includes improved connection switching,
fixes for IKEv2 Labeled IPsec and IPsec over TCP fixes.
This latest version of libreswan can be downloaded from:
Libreswan based VPN System Role available
The Linux System Roles are a set of Ansible Roles, also available as
an Ansible Collection, used to manage and configure common GNU/Linux
operating system components. Conceptually, the intent is to provide
for the operating system components an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan 4.2
This is a minor feature and bugfix release.
This release introduces IKEv2 Labeled IPsec support as defined
in draft-ietf-ipsecme-labeled-ipsec. A new auto=keep allows for a
responder/server to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan 4.1
This is a major bugfix release.
A bug in libreswan 4.0 that rejected invalid IKEv2 Notify protocol ID's
instead of ignoring these as per RFC 7296 resulted in an interoperability
issue with some
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-4.0
This is a major feature and cleanup release.
The major release number was increased to signify some major changes.
Please ensure you extensively test libreswan 4.0 before upgrading
production
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.32
(previous announcement was mistakenly referring to 3.33)
This is a security release that addresses CVE-2020-1763. This
vulnerability can cause libreswan to restart after receiving
an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.32
This is a security release that addresses CVE-2020-1763. This
vulnerability can cause libreswan to restart after receiving
an unauthenticated bogus IKEv1 Informational Exchange packet.
For
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The Libreswan Project has released libreswan-3.31
This is a bugfix release. It fixes IKEv2 IPv4 rekeying that
was broken in 3.30. It also adds support for XFRM interfaces
to IKEv1 to help migration from KLIPS to XFRM, and an updown
script fix
23 matches
Mail list logo