[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 973-1] strongswan security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : strongswan
Version        : 4.5.2-1.5+deb7u9
CVE ID         : CVE-2017-9022 CVE-2017-9023

Two denial of service vulnerabilities were identified in strongSwan, an
IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

CVE-2017-9022

    RSA public keys passed to the gmp plugin aren't validated sufficiently
    before attempting signature verification, so that invalid input might
    lead to a floating point exception and crash of the process.
    A certificate with an appropriately prepared public key sent by a peer
    could be used for a denial-of-service attack.

CVE-2017-9023

    ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
    parsing X.509 certificates with extensions that use such types. This could
    lead to infinite looping of the thread parsing a specifically crafted
    certificate.

For Debian 7 "Wheezy", these problems have been fixed in version
4.5.2-1.5+deb7u9.

We recommend that you upgrade your strongswan packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEl0WwInMjgf6efq/1bdtT8qZ1wKUFAlkwan8ACgkQbdtT8qZ1
wKX8kwf9HD1z1N3o/atabA6uCRDWMWpyjkbBrYwZ1e8JUoAwaARORGeYCrh9OrKl
zQCEc9J8ljyyMHj/XwyyWd4+sRldH9VSQAmq1zDLddFkQS5pQu15QwCQJrV07Bhd
e5LzJ0o7rOB/vf4sM57qcEI2rwPgZnTDiNZjRVhSJXJUZKCxdWHcoN/su2cHGG2d
6A5/C8d1FBB2xFPf/1otDgAcZ57qaSQcpJbdLpnO0C4bif74NeV8JmYyDBk7TyyT
YELcqBSab8TTFMESkxJ17SZrn6L6OSKDMO4Df306Gxf+m0FKu3CMH/b7Ehu9+h0A
Fhyj6n23MaS6hu6Lfoln0ipiO7yAKg==
=sUzv
-----END PGP SIGNATURE-----


Reply to: