[SECURITY] [DLA 3663-1] strongswan security update

2023-11-2415:45:26

lists.debian.org

vpn

buffer overflow

strongswan

cve-2023-41913

security update

debian 10

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.8%

JSON

Debian LTS Advisory DLA-3663-1 [email protected]
https://www.debian.org/lts/security/ Chris Lamb
November 24, 2023 https://wiki.debian.org/LTS

Package : strongswan
Version : 5.7.2-1+deb10u4
CVE ID : CVE-2023-41913

It was discovered that there was a potential buffer overflow in
strongswan, a IPsec-based VPN (Virtual Private Network) server.

A vulnerability related to processing public Diffie-Hellman key
exchange values could have resulted in a buffer overflow and
potentially remote code execution as a result.

For Debian 10 buster, this problem has been fixed in version
5.7.2-1+deb10u4.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian12ppc64elstrongswan-pki< 5.9.8-5+deb12u1strongswan-pki_5.9.8-5+deb12u1_ppc64el.deb
Debian10i386libstrongswan-standard-plugins< 5.7.2-1+deb10u4libstrongswan-standard-plugins_5.7.2-1+deb10u4_i386.deb
Debian12arm64strongswan-charon< 5.9.8-5+deb12u1strongswan-charon_5.9.8-5+deb12u1_arm64.deb
Debian11armellibstrongswan< 5.9.1-1+deb11u4libstrongswan_5.9.1-1+deb11u4_armel.deb
Debian10armhfcharon-cmd< 5.7.2-1+deb10u4charon-cmd_5.7.2-1+deb10u4_armhf.deb
Debian12i386strongswan-pki< 5.9.8-5+deb12u1strongswan-pki_5.9.8-5+deb12u1_i386.deb
Debian11arm64libstrongswan-extra-plugins< 5.9.1-1+deb11u4libstrongswan-extra-plugins_5.9.1-1+deb11u4_arm64.deb
Debian12mipselstrongswan-pki< 5.9.8-5+deb12u1strongswan-pki_5.9.8-5+deb12u1_mipsel.deb
Debian12i386charon-cmd-dbgsym< 5.9.8-5+deb12u1charon-cmd-dbgsym_5.9.8-5+deb12u1_i386.deb
Debian11amd64libstrongswan< 5.9.1-1+deb11u4libstrongswan_5.9.1-1+deb11u4_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	ppc64el	strongswan-pki	< 5.9.8-5+deb12u1	strongswan-pki_5.9.8-5+deb12u1_ppc64el.deb
Debian	10	i386	libstrongswan-standard-plugins	< 5.7.2-1+deb10u4	libstrongswan-standard-plugins_5.7.2-1+deb10u4_i386.deb
Debian	12	arm64	strongswan-charon	< 5.9.8-5+deb12u1	strongswan-charon_5.9.8-5+deb12u1_arm64.deb
Debian	11	armel	libstrongswan	< 5.9.1-1+deb11u4	libstrongswan_5.9.1-1+deb11u4_armel.deb
Debian	10	armhf	charon-cmd	< 5.7.2-1+deb10u4	charon-cmd_5.7.2-1+deb10u4_armhf.deb
Debian	12	i386	strongswan-pki	< 5.9.8-5+deb12u1	strongswan-pki_5.9.8-5+deb12u1_i386.deb
Debian	11	arm64	libstrongswan-extra-plugins	< 5.9.1-1+deb11u4	libstrongswan-extra-plugins_5.9.1-1+deb11u4_arm64.deb
Debian	12	mipsel	strongswan-pki	< 5.9.8-5+deb12u1	strongswan-pki_5.9.8-5+deb12u1_mipsel.deb
Debian	12	i386	charon-cmd-dbgsym	< 5.9.8-5+deb12u1	charon-cmd-dbgsym_5.9.8-5+deb12u1_i386.deb
Debian	11	amd64	libstrongswan	< 5.9.1-1+deb11u4	libstrongswan_5.9.1-1+deb11u4_amd64.deb