Package strongswan updated to version 5.5.3-alt1 for branch sisyphus in task 183682.

Published: 2017-06-08
Modified: 2024-11-21

CVE-2017-9022

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

DSA-3866
DSA-3866
98760
98760
USN-3301-1
USN-3301-1
https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html
https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html

Published: 2017-06-08
Modified: 2024-11-21

CVE-2017-9023

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

DSA-3866
DSA-3866
98756
98756
USN-3301-1
USN-3301-1
https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html
https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html

Version: 2.1.0

Package strongswan update in sisyphus on 2017-06-01

ALT-PU-2017-1678-1

Closed vulnerabilities

CVE-2017-9022

CVE-2017-9023