[BSA-086] Security update for strongswan

To: debian-backports-announce@lists.debian.org
Subject: [BSA-086] Security update for strongswan
From: Romain Francoise <rfrancoise@debian.org>
Date: Tue, 12 Nov 2013 23:20:01 +0100
Message-id: <[🔎] 87siv1ntym.fsf@silenus.orebokech.com>

Updated strongswan packages for squeeze-backports and wheezy-backports
fix the following vulnerabilities:

- CVE-2013-2944: When using the openssl plugin for ECDSA based
  authentication, an empty, zeroed or otherwise invalid signature is
  handled as a legitimate one.

- CVE-2013-6075: DoS vulnerability and potential authorization bypass
  triggered by a crafted ID_DER_ASN1_DN ID payload.

- CVE-2013-6076: DoS vulnerability triggered by crafted IKEv1
  fragmentation payloads.

The squeeze-backports distribution was affected by CVE-2013-2944 and
CVE-2013-6075. These problems have been fixed in version
4.5.2-1.5+deb7u2~bpo60+1.

The wheezy-backports distribution was affected by CVE-2013-6075 and
CVE-2013-6076. These problems have been fixed in version
5.1.0-3~bpo70+1.

-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [BSA-085] Security Update for roundcube
Next by Date: [BSA-087] Security Update for openssh
Previous by thread: [BSA-085] Security Update for roundcube
Next by thread: [BSA-087] Security Update for openssh
Index(es):
- Date
- Thread