Fedora 35: FEDORA-2021-95fab6a482 Moderate: strongSwan Integer Overflow

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key

exchange protocols in conjunction with the native NETKEY IPsec stack of the

Linux kernel.

Fix for CVE-2021-41990 and CVE-2021-41991

* Wed Oct 20 2021 Paul Wouters - 5.9.4-1

- Resolves: rhbz#2015165 strongswan-5.9.4 is available

- Resolves: rhbz#2015611 CVE-2021-41990 strongswan: gmp plugin: integer overflow via a crafted certificate with an RSASSA-PSS signature

- Resolves: rhbz#2015614 CVE-2021-41991 strongswan: integer overflow when replacing certificates in cache

- Add BuildRequire for tpm2-tss-devel and weak dependency for tpm2-tools

* Tue Sep 14 2021 Sahana Prasad - 5.9.3-4

- Rebuilt with OpenSSL 3.0.0

[ 1 ] Bug #2015165 - strongswan-5.9.4 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2015165

[ 2 ] Bug #2015611 - CVE-2021-41990 strongswan: gmp plugin: integer overflow via a crafted certificate with an RSASSA-PSS signature [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2015611

[ 3 ] Bug #2015614 - CVE-2021-41991 strongswan: integer overflow when replacing certificates in cache [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2015614

su -c 'dnf upgrade --advisory FEDORA-2021-95fab6a482' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure