diff options
| -rw-r--r-- | NEWS | 13 | ||||
| -rw-r--r-- | configure.in | 2 | ||||
| -rw-r--r-- | src/pluto/vendor.c | 3 | ||||
| -rw-r--r-- | src/pluto/vendor.h | 1 | ||||
| -rw-r--r-- | testing/INSTALL | 8 | ||||
| -rwxr-xr-x | testing/testing.conf | 4 |
6 files changed, 23 insertions, 8 deletions
@@ -1,3 +1,16 @@ +strongswan-4.2.15 +----------------- + +- Fixed two DoS vulnerabilities in the charon daemon that were discovered by + fuzzing techniques: 1) Sending a malformed IKE_SA_INIT request leaved an + incomplete state which caused a null pointer dereference if a subsequent + CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either + a missing TSi or TSr payload caused a null pointer derefence because the + checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was + developped by the Orange Labs vulnerability research team. The tool was + initially written by Gabriel Campana and is now maintained by Laurent Butti. + + strongswan-4.2.14 ----------------- diff --git a/configure.in b/configure.in index 5d9c256ca..c829758bc 100644 --- a/configure.in +++ b/configure.in @@ -16,7 +16,7 @@ dnl =========================== dnl initialize & set some vars dnl =========================== -AC_INIT(strongSwan,4.2.14) +AC_INIT(strongSwan,4.2.15) AM_INIT_AUTOMAKE(tar-ustar) AC_C_BIGENDIAN AC_SUBST(confdir, '${sysconfdir}') diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c index 3f682b2ba..a85f5e030 100644 --- a/src/pluto/vendor.c +++ b/src/pluto/vendor.c @@ -206,7 +206,8 @@ static struct vid_struct _vid_tab[] = { /* * strongSwan */ - DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.14") + DEC_MD5_VID(STRONGSWAN, "strongSwan 4.2.15") + DEC_MD5_VID(STRONGSWAN_4_2_14,"strongSwan 4.2.14") DEC_MD5_VID(STRONGSWAN_4_2_13,"strongSwan 4.2.13") DEC_MD5_VID(STRONGSWAN_4_2_12,"strongSwan 4.2.12") DEC_MD5_VID(STRONGSWAN_4_2_11,"strongSwan 4.2.11") diff --git a/src/pluto/vendor.h b/src/pluto/vendor.h index 70d1ad4d1..2d053801f 100644 --- a/src/pluto/vendor.h +++ b/src/pluto/vendor.h @@ -131,6 +131,7 @@ enum known_vendorid { VID_STRONGSWAN_4_2_11 =111, VID_STRONGSWAN_4_2_12 =112, VID_STRONGSWAN_4_2_13 =113, + VID_STRONGSWAN_4_2_14 =114, /* 101 - 200 : NAT-Traversal */ VID_NATT_STENBERG_01 =151, diff --git a/testing/INSTALL b/testing/INSTALL index b5dd61fad..6bbe4eba1 100644 --- a/testing/INSTALL +++ b/testing/INSTALL @@ -53,14 +53,14 @@ are required for the strongSwan testing environment: * A vanilla Linux kernel on which the UML kernel will be based on. We recommend the use of - http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.28.8.tar.bz2 + http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.29.4.tar.bz2 - * The Linux kernel 2.6.28 does not require any patches for the uml guest kernel + * The Linux kernel 2.6.29.4 does not require any patches for the uml guest kernel to successfully start up. * The matching .config file required to compile the UML kernel: - http://download.strongswan.org/uml/.config-2.6.28 + http://download.strongswan.org/uml/.config-2.6.29 * A gentoo-based UML file system (compressed size 130 MBytes) found at @@ -68,7 +68,7 @@ are required for the strongSwan testing environment: * The latest strongSwan distribution - http://download.strongswan.org/strongswan-4.2.14.tar.bz2 + http://download.strongswan.org/strongswan-4.2.15.tar.bz2 3. Creating the environment diff --git a/testing/testing.conf b/testing/testing.conf index 11cb5a658..d81a4237e 100755 --- a/testing/testing.conf +++ b/testing/testing.conf @@ -21,7 +21,7 @@ UMLTESTDIR=~/strongswan-testing # Bzipped kernel sources # (file extension .tar.bz2 required) -KERNEL=$UMLTESTDIR/linux-2.6.29.tar.bz2 +KERNEL=$UMLTESTDIR/linux-2.6.29.4.tar.bz2 # Extract kernel version KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'` @@ -33,7 +33,7 @@ KERNELCONFIG=$UMLTESTDIR/.config-2.6.29 #UMLPATCH=$UMLTESTDIR/uml-2.6.26.patch.bz2 # Bzipped source of strongSwan -STRONGSWAN=$UMLTESTDIR/strongswan-4.2.14.tar.bz2 +STRONGSWAN=$UMLTESTDIR/strongswan-4.2.15.tar.bz2 # strongSwan compile options (use "yes" or "no") USE_LIBCURL="yes" |