Debian Security Advisory

DLA-1059-1 strongswan -- LTS security update

Date Reported:
18 Aug 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2017-11185.
More information:

It was discovered that there was a denial-of-service vulnerability in the Strongswan Virtual Private Network (VPN) software.

Specific RSA signatures passed to the gmp plugin for verification could cause a null-pointer dereference. Potential triggers are signatures in certificates, but also signatures used during IKE authentication.

For more details, please see:

For Debian 7 Wheezy, this issue has been fixed in strongswan version 4.5.2-1.5+deb7u10.

We recommend that you upgrade your strongswan packages.