d0758184c0
Fixes the following security issues: CVE-2018-16758: Michael Yonli discovered that tinc 1.0.34 and earlier allow a man-in-the-middle attack that, even if the MITM cannot decrypt the traffic sent between the two endpoints, when the MITM can correctly predict when an ephemeral key exchange message is sent in a TCP connection between two nodes, allows the MITM to force one node to send UDP packets in plaintext. The tinc 1.1pre versions are not affected by this. CVE-2018-16738: Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34 allow an oracle attack, similar to CVE-2018-16737, but due to the mitigations put in place for the Sweet32 attack in tinc 1.0.30, it now requires a timing attack that has only a limited time to complete. Tinc 1.1pre16 and earlier are also affected if there are nodes on the same VPN that still use the legacy protocol from tinc version 1.0.x. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
5 lines
311 B
Plaintext
5 lines
311 B
Plaintext
# Locally calculated after checking pgp signature
|
|
sha256 18c83b147cc3e2133a7ac2543eeb014d52070de01c7474287d3ccecc9b16895e tinc-1.0.35.tar.gz
|
|
sha256 3a112fd37b47d624e89b130d0e158bb8d14ec5bc9ecf5f18b448d2c07626e43d COPYING
|
|
sha256 9bf76a8aa304d807df20bf3d221c21d259764be63e39b58f299b80ba3ac14b5b COPYING.README
|