[SECURITY] [DSA 3962-1] strongswan security update

2017-09-0313:23:01

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.007 Low

EPSS

Percentile

80.7%

JSON

Debian Security Advisory DSA-3962-1 [email protected]
https://www.debian.org/security/ Yves-Alexis Perez
September 03, 2017 https://www.debian.org/security/faq

Package : strongswan
CVE ID : CVE-2017-11185
Debian Bug : 872155

A denial of service vulnerability was identified in strongSwan, an IKE/IPsec
suite, using Google's OSS-Fuzz fuzzing project.

The gmp plugin in strongSwan had insufficient input validation when verifying
RSA signatures. This coding error could lead to a null pointer dereference,
leading to process crash.

For the oldstable distribution (jessie), this problem has been fixed
in version 5.2.1-6+deb8u5.

For the stable distribution (stretch), this problem has been fixed in
version 5.5.1-4+deb9u1.

For the testing distribution (buster), this problem has been fixed
in version 5.6.0-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.6.0-1.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9mipslibstrongswan-standard-plugins-dbgsym< 5.5.1-4+deb9u1libstrongswan-standard-plugins-dbgsym_5.5.1-4+deb9u1_mips.deb
Debian9mipsstrongswan-scepclient-dbgsym< 5.5.1-4+deb9u1strongswan-scepclient-dbgsym_5.5.1-4+deb9u1_mips.deb
Debian9ppc64elstrongswan-libcharon< 5.5.1-4+deb9u1strongswan-libcharon_5.5.1-4+deb9u1_ppc64el.deb
Debian7amd64libstrongswan< 4.5.2-1.5+deb7u10libstrongswan_4.5.2-1.5+deb7u10_amd64.deb
Debian8kfreebsd-i386strongswan-charon< 5.2.1-6+deb8u5strongswan-charon_5.2.1-6+deb8u5_kfreebsd-i386.deb
Debian8armhfstrongswan-libcharon< 5.2.1-6+deb8u5strongswan-libcharon_5.2.1-6+deb8u5_armhf.deb
Debian9s390xcharon-cmd< 5.5.1-4+deb9u1charon-cmd_5.5.1-4+deb9u1_s390x.deb
Debian9mipselcharon-systemd< 5.5.1-4+deb9u1charon-systemd_5.5.1-4+deb9u1_mipsel.deb
Debian9s390xlibstrongswan< 5.5.1-4+deb9u1libstrongswan_5.5.1-4+deb9u1_s390x.deb
Debian9mips64elstrongswan-nm< 5.5.1-4+deb9u1strongswan-nm_5.5.1-4+deb9u1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips	libstrongswan-standard-plugins-dbgsym	< 5.5.1-4+deb9u1	libstrongswan-standard-plugins-dbgsym_5.5.1-4+deb9u1_mips.deb
Debian	9	mips	strongswan-scepclient-dbgsym	< 5.5.1-4+deb9u1	strongswan-scepclient-dbgsym_5.5.1-4+deb9u1_mips.deb
Debian	9	ppc64el	strongswan-libcharon	< 5.5.1-4+deb9u1	strongswan-libcharon_5.5.1-4+deb9u1_ppc64el.deb
Debian	7	amd64	libstrongswan	< 4.5.2-1.5+deb7u10	libstrongswan_4.5.2-1.5+deb7u10_amd64.deb
Debian	8	kfreebsd-i386	strongswan-charon	< 5.2.1-6+deb8u5	strongswan-charon_5.2.1-6+deb8u5_kfreebsd-i386.deb
Debian	8	armhf	strongswan-libcharon	< 5.2.1-6+deb8u5	strongswan-libcharon_5.2.1-6+deb8u5_armhf.deb
Debian	9	s390x	charon-cmd	< 5.5.1-4+deb9u1	charon-cmd_5.5.1-4+deb9u1_s390x.deb
Debian	9	mipsel	charon-systemd	< 5.5.1-4+deb9u1	charon-systemd_5.5.1-4+deb9u1_mipsel.deb
Debian	9	s390x	libstrongswan	< 5.5.1-4+deb9u1	libstrongswan_5.5.1-4+deb9u1_s390x.deb
Debian	9	mips64el	strongswan-nm	< 5.5.1-4+deb9u1	strongswan-nm_5.5.1-4+deb9u1_mips64el.deb