History: Oct 22, 2023 - 6:24 a.m.

Advisory ROSA-SA-2023-2274

2023-10-22 06:24:16
ROSA LAB
abf.rosalinux.ru
7

CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score: 9.6 High
Confidence: High

CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

EPSS: 0.061 Low
Percentile: 93.4%

software: strongswan 5.9.10
OS: ROSA-CHROME

package_evr_string: strongswan-5.9.10-1.src.rpm

CVE-ID: CVE-2021-41990
BDU-ID: 2022-04051
CVE-Crit: HIGH
CVE-DESC.: The gmp plugin in strongSwan before version 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by the initiator. Remote code execution is not possible.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update strongswan

CVE-ID: CVE-2021-41991
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: The in-memory certificate cache in strongSwan before version 5.9.4 has a remote integer overflow when it receives many requests with different certificates that fill the cache and then trigger replacement of cache entries. The code tries to select a less frequently used cache entry using a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update strongswan

CVE-ID: CVE-2021-45079
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: In strongSwan before 5.9.5, an attacker can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without authenticating the server.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update strongswan

CVE-ID: CVE-2022-40617
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: strongSwan before version 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL pointing to a server (under the attacker's control) that does not respond properly, but (for example) simply does nothing after the initial TCP handshake or sends too much application data.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update strongswan

OS    Version  Architecture  Package     Version   Filename
ROSA  any      noarch        strongswan  < 5.9.10  UNKNOWN
