ALT-BU-2015-2223-1
Branch t7 update bulletin.
Package strongswan updated to version 5.2.2-alt1 for branch t7 in task 138100.
Closed vulnerabilities
BDU:2015-04320
Vulnerability in the SUSE Linux Enterprise operating system that allows an attacker to compromise the confidentiality, integrity and availability of protected information
BDU:2015-04321
Vulnerability in the SUSE Linux Enterprise operating system that allows an attacker to compromise the confidentiality, integrity and availability of protected information
BDU:2015-09781
Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality and integrity of protected information
Modified: 2024-11-21
CVE-2013-6075
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
- http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch
- DSA-2789
- http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html
Modified: 2024-11-21
CVE-2013-6076
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.
Modified: 2024-11-21
CVE-2014-2338
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
- SUSE-SU-2014:0529
- openSUSE-SU-2014:0697
- openSUSE-SU-2014:0700
- 57823
- DSA-2903
- 66815
- http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html
Modified: 2024-11-21
CVE-2014-2891
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
- openSUSE-SU-2014:0697
- openSUSE-SU-2014:0700
- 59864
- DSA-2922
- 67212
- http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html
Modified: 2024-11-21
CVE-2014-9221
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
- FEDORA-2015-3043
- openSUSE-SU-2015:0114
- 62071
- 62083
- 62095
- 62663
- http://strongswan.org/blog/2015/01/05/strongswan-5.2.2-released.html
- http://strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html
- DSA-3118
- 71894
- USN-2450-1