Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2019:3266-1 Important: Strongswan Security Update

suse
Calendar Grey December 11, 2019
Dist Suse Esm H88
SUSE Security Patch for strongswan resolves 5 vulnerabilities, featuring crucial security enhancements impacting multiple platforms.
An update that solves 5 vulnerabilities and has one errata is now available

Summary

This update for strongswan provides the following fixes: Security issues fixed: - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Other issues addressed: - Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853).

Topics%20covered

Topics Covered

security advisory denial of service important authorization bypass strongswan

References

#1009254 #1071853 #1093536 #1094462 #1107874

#1109845

Cross- CVE-2018-10811 CVE-2018-16151 CVE-2018-16152

CVE-2018-17540 CVE-2018-5388

Affected Products:

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP1-LTSS

SUSE Linux Enterprise Desktop 12-SP4

SUSE Enterprise Storage 5

https://ww...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:3266-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service important authorization bypass strongswan

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here