secnet 0.3.1~beta1
Ian Jackson
ijackson at chiark.greenend.org.uk
Thu May 1 19:17:08 BST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I am pleased to announce secnet 0.3.1~beta1. This is the first beta
of secnet 0.3.1. It contains bugfixes, including some security fixes
to vulnerabilities which are exposed to internal vpn traffic.
It also has a new feature intended to help with underlying network
with broken handling of large packets.
0.3.1~beta1 can be found here:
http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/secnet.git/
http://www.chiark.greenend.org.uk/~secnet/release/0.3.1~beta1/
If you are able to do so conveniently, please test it. It should be
backwards-compatibile with previous versions. For those on the SGO
VPN: chiark is already running this version.
For a summary of the changes see the changelog extracts below. For
full details see the git history.
secnet (0.3.1~beta1) unstable; urgency=low
Security fixes (vulnerabilities are to inside attackers only):
* SECURITY: Fixes to MTU and fragmentation handling.
* SECURITY: Correctly set "unused" ICMP header field.
* SECURITY: Fix IP length check not to crash on very short packets.
New feature:
* Make the inter-site MTU configurable, and negotiate it with the peer.
Bugfixes etc.:
* Fix netlink SEGV on clientless netlinks (i.e. configuration error).
* Fix formatting error in p-t-p startup message.
* Do not send ICMP errors in response to unknown incoming ICMP.
* Fix formatting error in secnet.8 manpage.
* Internal code rearrangements and improvements.
Packaging improvements:
* Updates to release checklist in Makefile.in.
* Additions to the test-example suite.
-- Ian Jackson <ijackson at chiark.greenend.org.uk> Thu, 01 May 2014 19:02:56 +0100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJTYo9SAAoJEOPjOSNItQ05mHUH/j3VXNOFd7fLEeFSxcwb845O
J51dWgVPnZcSbXrFigb8uaXfxXBoPxDMuQKz7yhRhsxFkaA7KiHM1fyYQ9b5Dj2w
96SwJ3Oem+bEG16sXBAeoB1tChx9pPGj23V6zB0ZZBmFeBlnTeQVq8j1FfAx3eq+
5gm0ksThVqDiJIdgDmCE1HDTMx7EacSpMvBWnIWc3tCxWJ5r+UWLHKsWHmaTJHx+
I5ebI3PcaOy975m9284q28dWyMdsFKZe1PRcCTpJuE8qZvpz0razBd7ck+vX+SWo
RttBh7ZCosOI86WyEXJ7dWICjJSvS0ebg/bxylvP4BOV0rgf76oBGftlzH8mynM=
=xBj6
-----END PGP SIGNATURE-----
More information about the sgo-software-announce
mailing list