This update for strongswan fixes the following issues:
Update to strongswan 6.0.4:
- CVE-2025-9615: NetworkManager File Access (bsc#1257359).
- CVE-2026-25075: Integer Underflow When Handling EAP-TTLS AVP (bsc#1259472).
Changes for strongswan:
- Fixed a vulnerability in the NetworkManager plugin that potentially
allows using credentials of other local users. This vulnerability
has been registered as CVE-2025-9615.
- The maximum supported length for section names in swanctl.conf
has been increased to the upper limit of 256 characters that's
enforced by VICI.
- Prevent a crash if a confused peer rekeys a Child SA twice before
sending a delete.
- Fixed a memory leak if a peer's self-signed certificate is untrusted.
Patch instructions:
To install this openSUSE security update, use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t...
- openSUSE Leap 16.0:
strongswan-6.0.4-160000.1.1
strongswan-doc-6.0.4-160000.1.1
strongswan-fips-6.0.4-160000.1.1
strongswan-ipsec-6.0.4-160000.1.1
strongswan-mysql-6.0.4-160000.1.1
strongswan-nm-6.0.4-160000.1.1
strongswan-sqlite-6.0.4-160000.1.1
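To confirm that a host has picked up the fixed build, the following added example (not part of the advisory) compares installed strongswan packages against the 6.0.4-160000.1.1 build listed above. The function names, the sample inventory and the use of GNU sort -V as a stand-in for RPM's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example: flag strongswan packages older than the fixed build
# named in this advisory's package list.
FIXED="6.0.4-160000.1.1"   # version-release taken from the advisory

# is_older A B: succeeds when version-release A sorts strictly before B.
# Assumption: GNU `sort -V` approximates RPM's comparison; epochs are ignored.
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit: reads "name version-release" lines on stdin and prints the names of
# strongswan packages older than $FIXED. Other packages are ignored.
audit() {
    while read -r name verrel; do
        case "$name" in
            strongswan|strongswan-*) ;;
            *) continue ;;
        esac
        if is_older "$verrel" "$FIXED"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample inventory (not real output from any host).
sample_inventory() {
    cat <<'EOF'
strongswan 6.0.1-160000.3.1
strongswan-ipsec 6.0.4-160000.1.1
strongswan-nm 6.0.1-160000.3.1
openssl-3 3.5.0-160000.2.1
EOF
}

# On a live system, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'strongswan*' | audit
```

Any package name printed by audit still needs the update; empty output means every installed strongswan package is at or above the fixed build.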
* bsc#1257359
* bsc#1259472
References:
* https://www.suse.com/security/cve/CVE-2025-9615.html
* https://www.suse.com/security/cve/CVE-2026-25075.html