Debian Security Advisory

DLA-3143-1 strongswan -- LTS security update

Date Reported:
10 Oct 2022
Affected Packages:
strongswan
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2022-40617.
More information:

It was discovered that there was a potential denial of service vulnerability in strongswan, an IPsec VPN solution.

Strongswan could have queried URLs with untrusted certificates, and this could potentially lead to a DoS attack by blocking the fetcher thread.

For Debian 10 Buster, this problem has been fixed in version 5.7.2-1+deb10u3.

We recommend that you upgrade your strongswan packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS