
[SECURITY] [DLA 1528-1] strongswan security update




Package        : strongswan
Version        : 5.2.1-6+deb8u8
CVE ID         : CVE-2018-17540

It was discovered that there was a denial-of-service vulnerability in
strongswan, a virtual private network (VPN) client and server.

Verification of an RSA signature with a very short public key caused an
integer underflow in a length check that resulted in a heap buffer
overflow.
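
The class of bug described above, as an added illustration that is not strongSwan's code and not part of the original advisory. It assumes a PKCS#1 v1.5 signature encoding, where RFC 8017 requires the encoded message to be at least 11 bytes longer than the DigestInfo; the function names and modulus sizes are hypothetical and constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed layout (EMSA-PKCS1-v1_5): 0x00 0x01 PS 0x00 DigestInfo, with PS
 * at least 8 bytes of 0xFF, so a valid encoding needs em_len >= t_len + 11. */
#define PKCS1_OVERHEAD 11u

/* Flawed check: the size_t subtraction wraps around when em_len < 11,
 * so a very short key passes and later length arithmetic is wrong. */
static bool length_ok_flawed(size_t em_len, size_t t_len)
{
    return t_len <= em_len - PKCS1_OVERHEAD;
}

/* Hardened check: reject short moduli before subtracting. */
static bool length_ok_hardened(size_t em_len, size_t t_len)
{
    return em_len >= PKCS1_OVERHEAD && t_len <= em_len - PKCS1_OVERHEAD;
}

/* Padding length a verifier would go on to fill or compare.
 * Returns false instead of handing back a wrapped value. */
static bool padding_len(size_t em_len, size_t t_len, size_t *ps_len)
{
    if (!length_ok_hardened(em_len, t_len))
        return false;
    *ps_len = em_len - t_len - 3;
    return true;
}

int main(void)
{
    const size_t t_len = 51; /* SHA-256 DigestInfo: 19-byte prefix + 32-byte hash */
    const size_t sizes[] = { 8, 10, 11, 61, 62, 256 }; /* constructed modulus sizes, bytes */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        size_t ps = 0;
        bool ok = padding_len(sizes[i], t_len, &ps);
        printf("em_len=%3zu flawed=%d hardened=%d ps_len=%zu\n",
               sizes[i], length_ok_flawed(sizes[i], t_len), ok, ps);
    }
    return 0;
}
```

The flawed check accepts the 8- and 10-byte moduli because the subtraction wraps; the hardened check rejects every size below 62 bytes for this digest.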

For Debian 8 "Jessie", this issue has been fixed in strongswan version
5.2.1-6+deb8u8.

We recommend that you upgrade your strongswan packages.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
