ijackson at chiark.greenend.org.uk
Thu May 1 19:17:08 BST 2014
-----BEGIN PGP SIGNED MESSAGE-----
I am pleased to announce secnet 0.3.1~beta1. This is the first beta
of secnet 0.3.1. It contains bugfixes, including some security fixes
to vulnerabilities which are exposed to internal vpn traffic.
It also has a new feature intended to help with underlying network
with broken handling of large packets.
0.3.1~beta1 can be found here:
If you are able to do so conveniently, please test it. It should be
backwards-compatibile with previous versions. For those on the SGO
VPN: chiark is already running this version.
For a summary of the changes see the changelog extracts below. For
full details see the git history.
secnet (0.3.1~beta1) unstable; urgency=low
Security fixes (vulnerabilities are to inside attackers only):
* SECURITY: Fixes to MTU and fragmentation handling.
* SECURITY: Correctly set "unused" ICMP header field.
* SECURITY: Fix IP length check not to crash on very short packets.
* Make the inter-site MTU configurable, and negotiate it with the peer.
* Fix netlink SEGV on clientless netlinks (i.e. configuration error).
* Fix formatting error in p-t-p startup message.
* Do not send ICMP errors in response to unknown incoming ICMP.
* Fix formatting error in secnet.8 manpage.
* Internal code rearrangements and improvements.
* Updates to release checklist in Makefile.in.
* Additions to the test-example suite.
-- Ian Jackson <ijackson at chiark.greenend.org.uk> Thu, 01 May 2014 19:02:56 +0100
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the sgo-software-announce