Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2019:3056-1 Important: Strongswan Denial Of Service Fixes

suse
Calendar Grey November 25, 2019
Dist Suse Esm H88
Crucial Ubuntu Security Patch addresses various vulnerabilities in openvpn to improve performance and protection.
An update that fixes 5 vulnerabilities is now available

Summary

This update for strongswan fixes the following issues: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory denial of service important SUSE buffer underflow strongswan

References

#1093536 #1094462 #1107874 #1109845

Cross- CVE-2018-10811 CVE-2018-16151 CVE-2018-16152

CVE-2018-17540 CVE-2018-5388

Affected Products:

SUSE Linux Enterprise Module for Packagehub Subpackages 15

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15-SP1

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-10811.html

https://www.suse.com/security/cve/CVE-2018-16151.html

https://www.suse.com/security/cve/CVE-2018-16152.html

https://www.suse.com/security/cve/CVE-2018-17540.html

https://www.suse.com/security/cve/CVE-2018-5388.html

https://bugzilla.suse.com/1093536

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:3056-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service important SUSE buffer underflow strongswan

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here