------------------------------------------------------------------------- Debian LTS Advisory DLA-4359-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany November 03, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : strongswan Version : 5.9.1-1+deb11u5 CVE ID : CVE-2025-62291 Xu Biang discovered a buffer overflow bug in the eap-mschapv2 plugin of strongSwan, an IKE/IPsec suite. The eap-mschapv2 plugin does not correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash, and a heap-based buffer overflow that's potentially exploitable for remote code execution. For Debian 11 bullseye, this problem has been fixed in version 5.9.1-1+deb11u5. We recommend that you upgrade your strongswan packages. For the detailed security status of strongswan please refer to its security tracker page at: https://security-tracker.debian.org/tracker/strongswan Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part