[BSA-086] Security update for strongswan

Type debian
Reporter Debian
Modified 2013-12-04T12:16:51


Updated strongswan packages for squeeze-backports and wheezy-backports fix the following vulnerabilities:

  • CVE-2013-2944: When using the openssl plugin for ECDSA based authentication, an empty, zeroed or otherwise invalid signature is handled as a legitimate one.

  • CVE-2013-6075: DoS vulnerability and potential authorization bypass triggered by a crafted ID_DER_ASN1_DN ID payload.

  • CVE-2013-6076: DoS vulnerability triggered by crafted IKEv1 fragmentation payloads.

The squeeze-backports distribution was affected by CVE-2013-2944 and CVE-2013-6075. These problems have been fixed in version 4.5.2-1.5+deb7u2~bpo60+1.

The wheezy-backports distribution was affected by CVE-2013-6075 and CVE-2013-6076. These problems have been fixed in version 5.1.0-3~bpo70+1.

-- Romain Francoise <rfrancoise@debian.org> http://people.debian.org/~rfrancoise/