Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE Linux 16.0 StrongSwan Important Update CVE-2026-35328 DoS 2026-21547-1

suse
Calendar Grey May 11, 2026
Dist Suse Esm H88
A critical security advisory for SUSE addressing important updates in strongswan to fix seven vulnerabilities impacting security.
An update that solves seven vulnerabilities and contains one feature can now be installed.

Summary

## This update for strongswan fixes the following issues: Update to version 6.0.6 (jsc#PED-16145). Security issued fixed: * CVE-2026-35328: infinite loop when handling supported versions TLS extension (bsc#1261712). * CVE-2026-35329: NULL pointer dereference when processing padding in PKCS#7 (bsc#1261717). * CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes (bsc#1261705). * CVE-2026-35331: acceptance of certificates violating X.509 name constraints (bsc#1261718). * CVE-2026-35332: NULL pointer dereference when handling ECDH public value in TLS (bsc#1261708). * CVE-2026-35333: integer underflow when handling RADIUS attributes (bsc#1261706). * CVE-2026-35334: possible NULL pointer dereference in RSA decryption (bsc#1261720). Other updates and bugfixes:

Topics%20covered

Topics Covered

security advisory SuSE DoS important null pointer strongSwan

References

* bsc#1261705

* bsc#1261706

* bsc#1261708

* bsc#1261712

* bsc#1261717

* bsc#1261718

* bsc#1261720

* jsc#PED-16145

Cross-

* CVE-2026-35328

* CVE-2026-35329

* CVE-2026-35330

* CVE-2026-35331

* CVE-2026-35332

* CVE-2026-35333

* CVE-2026-35334

CVSS scores:

* CVE-2026-35328 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-35328 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-35329 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2026-35329 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-35330 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-35330 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21547-1
Release Date: 2026-05-05T07:12:05Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE DoS important null pointer strongSwan

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here