author: Tobias Brunner <tobias@strongswan.org> 2014-04-14 13:32:36 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2014-04-14 13:32:36 +0200
commit: e59ce07bfaf3b7390013d0d79f6979050391654e
tree: 2c689db53d91f23590895da916ec61fb3919b734 /NEWS
parent: 8503077175cd04f24cde25f663b0df9969f3b578
NEWS: Added info about CVE-2014-2338
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 6
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 60f48f74f..fd33fb08d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
strongswan-5.1.3
----------------
+- Fixed an authentication bypass vulnerability triggered by rekeying an
+ unestablished IKEv2 SA while it gets actively initiated. This allowed an
+ attacker to trick a peer's IKE_SA state to established, without the need to
+ provide any valid authentication credentials. The vulnerability has been
+ registered as CVE-2014-2338.
+
- The acert plugin evaluates X.509 Attribute Certificates. Group membership
information encoded as strings can be used to fulfill authorization checks
defined with the rightgroups option. Attribute Certificates can be loaded
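Review bot: The new entry under strongswan-5.1.3 does not say which earlier releases are affected, so someone reading NEWS cannot tell from this text whether their installed version needs the update; consider adding one sentence naming the affected version range next to the CVE-2014-2338 reference. The phrase "trick a peer's IKE_SA state to established" is also hard to parse; wording such as "trick a peer into treating the IKE_SA as established" would read more clearly. Since the trigger is described as rekeying an SA "while it gets actively initiated", it would help operators to state explicitly which role this exposes, because that decides which deployments have to prioritise the upgrade.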