You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa strongswan

Sigurnosni nedostatak programskog paketa strongswan

——————————————————————————–
Fedora Update Notification
FEDORA-2015-0577
2015-01-12 23:10:20
——————————————————————————–

Name : strongswan
Product : Fedora 20
Version : 5.2.2
Release : 1.fc20
URL : http://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN and TNC solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

——————————————————————————–
Update Information:

Fixes CVE-2014-9221 denial-of-service vulnerability.
——————————————————————————–
ChangeLog:

* Tue Jan 6 2015 Pavel Šimerda <psimerda@redhat.com> – 5.2.2-1
– new version 5.2.2
* Thu Dec 18 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.2-0.2.dr1
– Enabled ccm, and ctr plugins as it seems enabling just openssl does
not work for using ccm and ctr algos.
* Mon Dec 8 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.2-0.1.dr1
– New strongswan developer release 5.2.2dr1
* Mon Nov 24 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.1-2
– 1167331: Enabled native systemd support.
– Does not disable old systemd, starter, ipsec.conf support yet.
* Thu Oct 30 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.1-1
– New upstream release 5.2.1
* Thu Oct 16 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.1-0.2.rc1
– New upstream release candidate 5.2.1rc1
* Fri Oct 10 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.1-1
– new version 5.2.1dr1
* Thu Sep 25 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-7
– use upstream patch for json/json-c dependency
* Thu Sep 25 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-6
– Resolves: #1146145 – Strongswan is compiled without xauth-noauth plugin
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 5.2.0-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Aug 5 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-4
– Resolves: #1081804 – enable Kernel IPSec support
* Wed Jul 30 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-3
– rebuilt
* Tue Jul 29 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-2
– fix json-c dependency
* Tue Jul 15 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.0-1
– New upstream release 5.2.0
– The Attestation IMC/IMV pair supports the IMA-NG
measurement format
– Aikgen tool to generate an Attestation Identity Key bound
to a TPM
– Swanctl tool to provide a portable, complete IKE
configuration and control interface for the command
line using vici interface with libvici library
– PT-EAP transport protocol (RFC 7171) for TNC
– Enabled support for acert for checking X509 attribute certificate
– Updated patches, removed selinux patch as upstream has fixed it
in this release.
– Updated spec file with minor cleanups
* Thu Jun 26 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-0.4.dr6
– improve prerelease macro
* Thu Jun 26 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-0.3
– Resolves: #1111895 – bump to 5.2.0dr6
* Thu Jun 12 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-0.2
– Related: #1087437 – remove or upstream all patches not specific to fedora/epel
* Thu Jun 12 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-0.1.dr5
– fix the pre-release version according to guidelines before it gets branched
* Fri Jun 6 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0dr5-1
– new version 5.2.0dr5
– add json-c-devel to build deps
* Mon May 26 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0dr4-3
– merge two related patches
* Mon May 26 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0dr4-2
– clean up the patches a bit
* Thu May 22 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.0dr4-1
– New upstream developer release 5.2.0dr4
– Attestation IMV/IMC supports IMA-NG measurement format now
– Aikgen tool to generate an Attestation Identity Key bound
to a TPM
– PT-EAP transport protocol (RFC 7171) for TNC
– vici plugin provides IKE Configuration Interface for charon
– Enabled support for acert for checking X509 attribute certificate
– Updated patches
– Updated spec file with minor cleanups
* Tue Apr 15 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.3-1
– new version 5.1.3
* Mon Apr 14 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.3rc1-1
– new version 5.1.3rc1
* Mon Mar 24 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-4
– #1069928 – updated libexec patch.
* Tue Mar 18 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-3
– fixed el6 initscript
– fixed pki directory location
* Fri Mar 14 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-2
– clean up the specfile a bit
– replace the initscript patch with an individual initscript
– patch to build for epel6
* Mon Mar 3 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.2-1
– #1071353 – bump to 5.1.2
– #1071338 – strongswan is compiled without xauth-pam plugin
– remove obsolete patches
– sent all patches upstream
– added comments to all patches
– don’t touch the config with sed
* Thu Feb 20 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-6
– Fixed full hardening for strongswan (full relro and PIE).
The previous macros had a typo and did not work
(see bz#1067119).
– Fixed tnc package description to reflect the current state of
the package.
– Fixed pki binary and moved it to /usr/libexece/strongswan as
others binaries are there too.
* Wed Feb 19 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-5
– #903638 – SELinux is preventing /usr/sbin/xtables-multi from ‘read’ accesses on the chr_file /dev/random
* Thu Jan 9 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-4
– Removed redundant patches and *.spec commands caused by branch merging
* Wed Jan 8 2014 Pavel Šimerda <psimerda@redhat.com> – 5.1.1-3
– rebuilt
* Mon Dec 2 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-2
– Resolves: 973315
– Resolves: 1036844
* Fri Nov 1 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.1-1
– Support for PT-TLS (RFC 6876)
– Support for SWID IMC/IMV
– Support for command line IKE client charon-cmd
– Changed location of pki to /usr/bin
– Added swid tags files
– Added man pages for pki and charon-cmd
– Renamed pki to strongswan-pki to avoid conflict with
pki-core/pki-tools package.
– Update local patches
– Fixes CVE-2013-6075
– Fixes CVE-2013-6076
– Fixed autoconf/automake issue as configure.ac got changed
and it required running autoreconf during the build process.
– added strongswan signature file to the sources.
* Thu Sep 12 2013 Avesh Agarwal <avagarwa@redhat.com> – 5.1.0-3
– Fixed initialization crash of IMV and IMC particularly
attestation imv/imc as libstrongswas was not getting
initialized.
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update strongswan’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-3043
2015-03-04 07:08:47
——————————————————————————–

Name : strongswan
Product : Fedora 21
Version : 5.2.2
Release : 2.fc21
URL : http://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN and TNC solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

——————————————————————————–
Update Information:

Fixes strongswan swanctl service issue rhbz#1193106
Fixes CVE-2014-9221 denial-of-service vulnerability.
——————————————————————————–
ChangeLog:

* Fri Feb 20 2015 Avesh Agarwal <avagarwa@redhat.com> – 5.2.2-2
– Fixes strongswan swanctl service issue rhbz#1193106
* Tue Jan 6 2015 Pavel Šimerda <psimerda@redhat.com> – 5.2.2-1
– new version 5.2.2
* Thu Dec 18 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.2-0.2.dr1
– Enabled ccm, and ctr plugins as it seems enabling just openssl does
not work for using ccm and ctr algos.
* Mon Dec 8 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.2-0.1.dr1
– New strongswan developer release 5.2.2dr1
* Mon Nov 24 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.1-2
– 1167331: Enabled native systemd support.
– Does not disable old systemd, starter, ipsec.conf support yet.
* Thu Oct 30 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.1-1
– New upstream release 5.2.1
* Thu Oct 16 2014 Avesh Agarwal <avagarwa@redhat.com> – 5.2.1-0.2.rc1
– New upstream release candidate 5.2.1rc1
* Fri Oct 10 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.1-1
– new version 5.2.1dr1
* Thu Sep 25 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-7
– use upstream patch for json/json-c dependency
* Thu Sep 25 2014 Pavel Šimerda <psimerda@redhat.com> – 5.2.0-6
– Resolves: #1146145 – Strongswan is compiled without xauth-noauth plugin
——————————————————————————–
References:

[ 1 ] Bug #1173064 – CVE-2014-9221 strongswan: denial-of-service vulnerability in libtls when processing crafted Key Exchange payload
https://bugzilla.redhat.com/show_bug.cgi?id=1173064
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update strongswan’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostaci većeg broja programskih paketa

Otkriveni su sigurnosni nedostaci kod većeg broja programskih paketa za operacijski sustav Mandriva. Svim korisnicima savjetuje se instalacija izdanih nadogradnji.

Close