secnet 0.3.1~beta1

Ian Jackson ijackson at chiark.greenend.org.uk
Thu May 1 19:17:08 BST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am pleased to announce secnet 0.3.1~beta1.  This is the first beta
of secnet 0.3.1.  It contains bugfixes, including some security fixes
to vulnerabilities which are exposed to internal vpn traffic.

It also has a new feature intended to help with underlying network
with broken handling of large packets.

0.3.1~beta1 can be found here:

 http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/
 http://www.chiark.greenend.org.uk/~secnet/release/0.3.1~beta1/

If you are able to do so conveniently, please test it.  It should be
backwards-compatibile with previous versions.  For those on the SGO
VPN: chiark is already running this version.

For a summary of the changes see the changelog extracts below.  For
full details see the git history.

secnet (0.3.1~beta1) unstable; urgency=low

  Security fixes (vulnerabilities are to inside attackers only):
  * SECURITY: Fixes to MTU and fragmentation handling.
  * SECURITY: Correctly set "unused" ICMP header field.
  * SECURITY: Fix IP length check not to crash on very short packets.

  New feature:
  * Make the inter-site MTU configurable, and negotiate it with the peer.

  Bugfixes etc.:
  * Fix netlink SEGV on clientless netlinks (i.e. configuration error).
  * Fix formatting error in p-t-p startup message.
  * Do not send ICMP errors in response to unknown incoming ICMP.
  * Fix formatting error in secnet.8 manpage.
  * Internal code rearrangements and improvements.

  Packaging improvements:
  * Updates to release checklist in Makefile.in.
  * Additions to the test-example suite.

 -- Ian Jackson <ijackson at chiark.greenend.org.uk>  Thu, 01 May 2014 19:02:56 +0100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJTYo9SAAoJEOPjOSNItQ05mHUH/j3VXNOFd7fLEeFSxcwb845O
J51dWgVPnZcSbXrFigb8uaXfxXBoPxDMuQKz7yhRhsxFkaA7KiHM1fyYQ9b5Dj2w
96SwJ3Oem+bEG16sXBAeoB1tChx9pPGj23V6zB0ZZBmFeBlnTeQVq8j1FfAx3eq+
5gm0ksThVqDiJIdgDmCE1HDTMx7EacSpMvBWnIWc3tCxWJ5r+UWLHKsWHmaTJHx+
I5ebI3PcaOy975m9284q28dWyMdsFKZe1PRcCTpJuE8qZvpz0razBd7ck+vX+SWo
RttBh7ZCosOI86WyEXJ7dWICjJSvS0ebg/bxylvP4BOV0rgf76oBGftlzH8mynM=
=xBj6
-----END PGP SIGNATURE-----

More information about the sgo-software-announce mailing list