Blog

Release and vulnerability announcements for strongSwan

A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected.

We are happy to announce the release of strongSwan 5.9.10, which fixes a vulnerability affecting TLS-based EAP methods, adds support for full packet hardware offload with Linux 6.2, properly supports TLS 1.3 in TLS-based EAP methods, can automatically install routes via XFRM interfaces, and comes with several other new features and fixes.