NEWS: Add info about CVE-2015-8023
This commit is contained in:
Tobias Brunner
Andreas Steffen
parent
f9c5c80553
commit
453e204ac4
5
NEWS
5
NEWS
|
|
@ -1,6 +1,11 @@
|
|||
strongswan-5.3.4
|
||||
----------------
|
||||
|
||||
- Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that
|
||||
was caused by insufficient verification of the internal state when handling
|
||||
MSCHAPv2 Success messages received by the client.
|
||||
This vulnerability has been registered as CVE-2015-8023.
|
||||
|
||||
- The sha3 plugin implements the SHA3 Keccak-F1600 hash algorithm family.
|
||||
Within the strongSwan framework SHA3 is currently used for BLISS signatures
|
||||
only because the OIDs for other signature algorithms haven't been defined
|
||||
|
|
|
|||
Loading…
Reference in New Issue