In association with heise online

3 June 2009, 11:40

Security Updates for strongSwan

The developers of strongSwan, the free IPsec implementation, have released new versions and patches to eliminate two denial-of-service vulnerabilities in Charon, the IKEv2 key exchange daemon. One vulnerability allows a malformed IKE_SA_INIT request to leave the Charon daemon in an incomplete state, which could lead to a crash if CREATE_CHILD_SA is received later. The other vulnerability can be triggered by a malformed IKE_AUTH request that is missing its traffic selector payload, which also causes Charon to crash.

In practice, these vulnerabilities could degrade existing VPN connections and, if triggered repeatedly, bring communications to a halt. The problem affects strongSwan versions 4.1.0 to 4.3.0. Fixes are included in versions 4.2.15 and 4.3.1, which are available to download; patches have also been published.

(djwm)
