[Openswan Users] Openswan 2.6.41 released

Thomas Geulig geulig at nentec.de
Fri Feb 28 10:02:48 EST 2014


There are problems with NAT-Traversal in 2.6.41:

[fgt1(root)]:~# ipsec whack --debug-raw --debug-crypt --debug-parsing --debug-emitting --debug-controlmore --debug-pfkey --debug-natt
[fgt1(root)]:~# ipsec auto --up vpnB
104 "vpnB" #3: STATE_MAIN_I1: initiate
003 "vpnB" #3: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
003 "vpnB" #3: next payload type of ISAKMP NAT-D Payload has an unknown value: 130
032 "vpnB" #3: STATE_MAIN_I1: internal error

The payload_name structs for NAT got lost during the fix for CVE-2014-2037.

The attached patch puts them in again.

Thomas


On Friday, 21 February 2014, 16:05:05, Patrick Naubert wrote:
> Dear community,
>
> Openswan 2.6.41 released to the community
>
>
>
> https://www.openswan.org/download/openswan-2.6.41.tar.gz
> https://www.openswan.org/download/openswan-2.6.41.tar.gz.asc
>
>
>  This version specifically addresses CVE 2014-2037
>  This CVE is a continuation of CVE 2013-6466. We missed some cases.
>
> A full list of changes follows below.
>
> Regards,
>
> Patrick Naubert
>
> * SAREF: kernel patches updated to linux 3.11.0 (Simon Deziel)
> * Fix for CVE-2014-2037 (Paul Wouters, Hugh Redelmeier)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nat_payload.patch
Type: text/x-patch
Size: 664 bytes
Desc: not available
URL: <http://lists.openswan.org/pipermail/users/attachments/20140228/303db347/attachment.bin>
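
The failure reported above, shown as an added example that is not Openswan's code and not part of the original post: a strict ISAKMP payload-chain walker rejects the draft NAT-D value 130 as soon as the NAT-T entries are missing from its table of known types. The names `np_known`, `walk_chain` and `sample` are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ISAKMP next-payload values: RFC 2408 defines 0..13; RFC 3947 adds
 * NAT-D = 20 and NAT-OA = 21; the earlier NAT-T drafts used the
 * private-use values 130 and 131 for the same two payloads. */
static int np_known(uint8_t np, int natt_names)
{
    if (np <= 13) return 1;
    return natt_names && (np == 20 || np == 21 || np == 130 || np == 131);
}

/* Walk a chain of generic payload headers (next payload, reserved,
 * 16-bit big-endian length that includes the 4-byte header).
 * Returns 0 when the chain parses fully, -1 on a bad length, or the
 * offending next-payload value when the type is not in the table. */
int walk_chain(const uint8_t *buf, size_t len, uint8_t first, int natt_names)
{
    uint8_t np = first;
    size_t off = 0;
    while (np != 0) {
        if (!np_known(np, natt_names)) return np;   /* strict: unknown type */
        if (len - off < 4) return -1;               /* header truncated */
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off) return -1; /* length out of bounds */
        np = buf[off];                              /* type of the next payload */
        off += plen;
    }
    return off == len ? 0 : -1;                     /* no trailing bytes allowed */
}

/* Constructed sample chain: KE(4) -> Nonce(10) -> NAT-D(130) -> NAT-D(130).
 * The 4-byte bodies are filler, not real key or hash material. */
const uint8_t sample[32] = {
    10,  0, 0, 8, 0xAA, 0xAA, 0xAA, 0xAA,   /* KE, next = Nonce */
    130, 0, 0, 8, 0xBB, 0xBB, 0xBB, 0xBB,   /* Nonce, next = NAT-D (draft) */
    130, 0, 0, 8, 0xCC, 0xCC, 0xCC, 0xCC,   /* NAT-D, next = NAT-D (draft) */
    0,   0, 0, 8, 0xDD, 0xDD, 0xDD, 0xDD,   /* NAT-D, next = none */
};

int main(void)
{
    printf("table with NAT-T entries:    %d\n", walk_chain(sample, sizeof sample, 4, 1));
    printf("table without NAT-T entries: %d\n", walk_chain(sample, sizeof sample, 4, 0));
    return 0;
}
```

Rejecting unknown types and out-of-range lengths is the behaviour a hardened parser wants; the regression is only that a legitimate type dropped out of the table.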