Download Strongswan 4.2.7

Various protocols can be used to secure connections over public networks, such as the widely used ipsec. Strongswan is an ipsec implementation for Linux systems whose 4.2 wing focuses on the current 2.6 Linux kernel. Support for ikev1, ikev2 and ipv6 is present as on this page can be read. The developers have released Strongswan 4.2.7 with the following list of changes:

Version 4.2.7:

• Fixed a Denial-of-Service vulnerability where an IKE_SA_INIT message with a KE payload containing zeroes only can cause a crash of the IKEv2 charon daemon due to a NULL pointer returned by the mpz_export() function of the GNU Multi Precision (GMP) library. Thanks go to Mu Dynamics Research Labs for making us aware of this problem.
• The new agent plugin provides a private key implementation on top of an ssh-agent.
• The NetworkManager plugin has been extended to support certificate client authentication using RSA keys loaded from a file or using ssh-agent.
• Daemon capability dropping has been ported to libcap and must be enabled explicitly –with-capabilities=libcap. Future version will support the newer libcap2 library.
• ipsec listalgs lists the IKEv2 cryptographic algorithms registered with the charon keying daemon.

[break]