Release and vulnerability announcements for strongSwan

strongSwan 5.3.1 Released

We are happy to announce the release of strongSwan 5.3.1, which brings AES-NI support and fixes a vulnerability and several other issues.

Denial-of Service and Possible Remote Code Execution Vulnerability (CVE-2015-3991)

A denial-of-service and possible remote code execution vulnerability was fixed that could be triggered by crafted IKE messages. Versions 5.2.2 and 5.3.0 are affected.

More information is provided in a separate blog entry.

Support for AES-NI and PCLMULQDQ instructions

The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ instructions and works on both x86 and x64 architectures. It provides superior crypto performance in userland without any external libraries.

Fixed IKEv2 Fragmentation Causing Duplicate IVs

An issue that occurred with IKEv2 fragmentation (introduced with 5.2.1) and encryption algorithms that use sequential IVs (e.g. AES-GCM) has been fixed. Previously the IKE message ID was used as IV, but with IKEv2 fragmentation this ID is not unique anymore, causing the same IV to get used for fragments of the same message. This was fixed by including the fragment identifier in the IV (62e0abe759).

Increased Accuracy for RADIUS Accounting

The accuracy of usage statistics reported via RADIUS Accounting has been increased in several situations (e.g. if interim updates occur while rekeying a CHILD_SA).

Other Notable Changes

Download it from here - a more extensive changelog can be found on our wiki.