Debian 7: DLA-1059-1 Moderate: Strongswan DoS Vulnerability
debian lts
August 18, 2017
It was discovered that there was a denial-of-service vulnerability in the Strongswan Virtual Private Network (VPN) software
Topics Covered
Summary
Specific RSA signatures passed to the gmp plugin for verification could
cause a null-pointer dereference. Potential triggers are signatures in
certificates, but also signatures used during IKE authentication.
For more details, please see:
For Debian 7 "Wheezy", this issue has been fixed in strongswan version
4.5.2-1.5+deb7u10.
We recommend that you upgrade your strongswan packages.
Regards,
- --
,'`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: strongswan
Version: 4.5.2-1.5+deb7u10
CVE ID: CVE-2017-11185
Debian Bug: #872155
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!