Debian Security Advisory
DLA-1059-1 strongswan -- LTS security update
- Date Reported: 18 Aug 2017
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2017-11185.
- More information:
It was discovered that there was a denial-of-service vulnerability in the strongSwan Virtual Private Network (VPN) software.
Specific RSA signatures passed to the gmp plugin for verification could cause a null-pointer dereference. Potential triggers are signatures in certificates, but also signatures used during IKE authentication.
For more details, please see:
For Debian 7 Wheezy, this issue has been fixed in strongswan version 4.5.2-1.5+deb7u10.
We recommend that you upgrade your strongswan packages.