26 matches found
SUSE: Security Advisory (SUSE-SU-2022:14887-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:3056-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:3266-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2019:3266-1)
This update for strongswan provides the following fixes : Security issues fixed : CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket bsc1094462. CVE-2018-10811: Fixed a...
openSUSE Security Update : strongswan (openSUSE-2019-2598)
This update for strongswan fixes the following issues : Security issues fixed : - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket bsc1094462. - CVE-2018-10811: Fixed...
Photon OS 1.0: Strongswan PHSA-2019-1.0-0203
An update of the strongswan package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0203. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Fedora 29 : strongswan (2018-a0d22c2a21)
Updated to release 5.7.1 Security fix for : - CVE-2018-16151 - CVE-2018-16152 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 28 : strongswan (2018-61df554bb1)
Updated to release 5.7.1 Security fix for : - CVE-2018-16151 - CVE-2018-16152 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
GLSA-201811-16 : strongSwan: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201811-16 strongSwan: Multiple vulnerabilities Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service...
Fedora Update for strongswan FEDORA-2018-9caa6528d2
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : strongswan (2018-9caa6528d2)
Updated to release 5.7.1 Security fix for : - CVE-2018-16151 - CVE-2018-16152 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
CVE-2018-16151
In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
Debian DSA-4309-1 : strongswan - security update
Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16152 DSA-4305-1. An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer...
Debian DLA-1522-1 : strongswan security update
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several security issues in the gmp plugin for strongSwan, an IKE/IPsec suite. CVE-2018-16151 The OID parser in the ASN.1 code in gmp allows any number of random bytes after a valid OID. CVE-2018-16152 The...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : strongSwan vulnerabilities (USN-3771-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3771-1 advisory. It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to...
CVE-2018-16151
In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
CVE-2018-16151
In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
CVE-2018-16151
In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
CVE-2018-16151
In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...
[SECURITY] [DLA 1522-1] strongswan security update
Package : strongswan Version : 5.2.1-6+deb8u7 CVE ID : CVE-2018-16151 CVE-2018-16152 Sze Yiu Chau and his team from Purdue University and The University of Iowa found several security issues in the gmp plugin for strongSwan, an IKE/IPsec suite. CVE-2018-16151 The OID parser in the ASN.1 code in g...