Debian Security Advisory

DLA-1059-1 strongswan -- LTS security update

Date Reported: 18 Aug 2017
Affected Packages: strongswan
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2017-11185.

More information:

It was discovered that there was a denial-of-service vulnerability in the strongSwan Virtual Private Network (VPN) software.

Specific RSA signatures passed to the gmp plugin for verification could cause a null-pointer dereference. Potential triggers are signatures in certificates, but also signatures used during IKE authentication.

For more details, please see:

https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html

For Debian 7 Wheezy, this issue has been fixed in strongswan version 4.5.2-1.5+deb7u10.

We recommend that you upgrade your strongswan packages.