
[SECURITY] [DLA 1059-1] strongswan security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : strongswan
Version        : 4.5.2-1.5+deb7u10
CVE ID         : CVE-2017-11185
Debian Bug     : #872155

It was discovered that there was a denial-of-service vulnerability in
the strongSwan Virtual Private Network (VPN) software.

Specific RSA signatures passed to the gmp plugin for verification could
cause a null-pointer dereference. Potential triggers are signatures in
certificates, but also signatures used during IKE authentication.

For more details, please see:

  <https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html>


For Debian 7 "Wheezy", this issue has been fixed in strongswan version
4.5.2-1.5+deb7u10.

We recommend that you upgrade your strongswan packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

