Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 56 articles for you...
89

Fedora 40: FEDORA-2024-6712c699fc Critical: StrongSwan Buffer Overflow

Fixes CVE-2023-41913 buffer overflow and possible RCE, various IKEv2 improvements. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-6712c699fc 2024-06-11 01:48:54.482619 -------------------------------------------------------------------------------- Name : strongswan Product : Fedora 40 Version : 5.9.14 Release : 1.fc40 URL : https://www.strongswan.org/ Summary : An OpenSource IPsec-based VPN and TNC solution Description : The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. -------------------------------------------------------------------------------- Update Information: Fixes CVE-2023-41913 buffer overflow and possible RCE, various IKEv2 improvements -------------------------------------------------------------------------------- ChangeLog: * Fri May 31 2024 Paul Wouters - 5.9.14-1 - Resolves: rhbz#2254560 CVE-2023-41913 buffer overflow and possible RCE - Resolved: rhbz#2250666 Update to 5.9.14 (IKEv2 OCSP extensions, seqno/regno overflow handling - Update to 5.9.13 (OCSP nonce set regression configuration option charon.ocsp_nonce_len) - Update to 5.9.12 (CVE-2023-41913 fix, various IKEv2 fixes) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2254560 - CVE-2023-41913 strongswan: buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=2254560 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-6712c699fc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPGkeys used by the Fedora Project can be found at -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . The latest Fedora 40 strongswan security update tackles CVE-2023-41913, rectifying critical buffer overflow and RCE vulnerabilities.. Fedora 40, strongswan update, security advisory, buffer overflow fix, IKEv2 improvements. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 11, 2024 Critical Fedora
172

Ubuntu 22.04: USN-6772-1 Critical: strongSwan bypass threat

Fraudulent security certificates could allow access controls to be bypassed.. ========================================================================== Ubuntu Security Notice USN-6772-1 May 14, 2024 strongswan vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Fraudulent security certificates could allow access controls to be bypassed. Software Description: - strongswan: IPsec VPN solution Details: Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libstrongswan 5.9.5-2ubuntu2.3 strongswan 5.9.5-2ubuntu2.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6772-1 CVE-2022-4967 Package Information: https://launchpad.net/ubuntu/+source/strongswan/5.9.5-2ubuntu2.3 . The recent Ubuntu Security Notice USN-6772-2 alerts users to a vulnerability in strongSwan that enables counterfeit certificates to circumvent security measures.. strongSwan updates, Ubuntu security, IPsec VPN, certificate bypass, access control threat. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 14, 2024 Critical Ubuntu
197

Debian 10 DLA-3663-1 Critical: StrongSwan Buffer Overflow Remote Code Exec

It was discovered that there was a potential buffer overflow in strongswan, a IPsec-based VPN (Virtual Private Network) server. A vulnerability related to processing public Diffie-Hellman key . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3663-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Chris Lamb November 24, 2023 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : strongswan Version : 5.7.2-1+deb10u4 CVE ID : CVE-2023-41913 It was discovered that there was a potential buffer overflow in strongswan, a IPsec-based VPN (Virtual Private Network) server. A vulnerability related to processing public Diffie-Hellman key exchange values could have resulted in a buffer overflow and potentially remote code execution as a result. For Debian 10 buster, this problem has been fixed in version 5.7.2-1+deb10u4. We recommend that you upgrade your strongswan packages. For the detailed security status of strongswan please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/strongswan Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . The Ubuntu Security Notice USN-3975-1 addresses a critical heap overflow flaw within openssh, posing serious risks for unauthorized code execution.. Debian LTS, StrongSwan Security, Buffer Overflow Issue. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 24, 2023 Critical Debian LTS
202

openSUSE Leap 15.5 SUSE-SU-2023:4529-1 important: strongswan RCE

This update for strongswan fixes the following issues: CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901).. # Security update for strongswan Announcement ID: SUSE-SU-2023:4529-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4529=1 openSUSE-SLE-15.5-2023-4529=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4529=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4529=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4529=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * strongswan-ipsec-5.9.11-150500.5.6.1 * strongswan-mysql-5.9.11-150500.5.6.1 *strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 * strongswan-nm-5.9.11-150500.5.6.1 * strongswan-sqlite-5.9.11-150500.5.6.1 * strongswan-hmac-5.9.11-150500.5.6.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-5.9.11-150500.5.6.1 * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-mysql-debuginfo-5.9.11-150500.5.6.1 * strongswan-sqlite-debuginfo-5.9.11-150500.5.6.1 * openSUSE Leap 15.5 (noarch) * strongswan-doc-5.9.11-150500.5.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * strongswan-ipsec-5.9.11-150500.5.6.1 * strongswan-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 * strongswan-hmac-5.9.11-150500.5.6.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-5.9.11-150500.5.6.1 * strongswan-debugsource-5.9.11-150500.5.6.1 * Basesystem Module 15-SP5 (noarch) * strongswan-doc-5.9.11-150500.5.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-nm-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-nm-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 . Important notice regarding strongswan addressing a remote code execution vulnerability affecting multiple SUSE distributions. Immediate action needed.. strongswan update, patch management, remote execution fixes, SUSE Linux, security update. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Nov 22, 2023 Important OpenSUSE
100

UBUNTU: 2023:7891-4 Critical OpenSSL Buffer Overflow Vulnerability

* bsc#1216901 Cross-References: * CVE-2023-41913 . # Security update for strongswan Announcement ID: SUSE-SU-2023:4529-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro 6.0 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-4529=1 openSUSE-SLE-15.5-2023-4529=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-4529=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4529=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4529=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * strongswan-ipsec-5.9.11-150500.5.6.1 * strongswan-mysql-5.9.11-150500.5.6.1 * strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 *strongswan-nm-5.9.11-150500.5.6.1 * strongswan-sqlite-5.9.11-150500.5.6.1 * strongswan-hmac-5.9.11-150500.5.6.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-5.9.11-150500.5.6.1 * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-mysql-debuginfo-5.9.11-150500.5.6.1 * strongswan-sqlite-debuginfo-5.9.11-150500.5.6.1 * openSUSE Leap 15.5 (noarch) * strongswan-doc-5.9.11-150500.5.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * strongswan-ipsec-5.9.11-150500.5.6.1 * strongswan-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 * strongswan-hmac-5.9.11-150500.5.6.1 * strongswan-ipsec-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-debuginfo-5.9.11-150500.5.6.1 * strongswan-libs0-5.9.11-150500.5.6.1 * strongswan-debugsource-5.9.11-150500.5.6.1 * Basesystem Module 15-SP5 (noarch) * strongswan-doc-5.9.11-150500.5.6.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-nm-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * strongswan-debugsource-5.9.11-150500.5.6.1 * strongswan-nm-debuginfo-5.9.11-150500.5.6.1 * strongswan-nm-5.9.11-150500.5.6.1 * strongswan-debuginfo-5.9.11-150500.5.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 . Upgrade for strongswan addresses critical vulnerability resulting in potential remote code execution. Ensure you secure your infrastructure with this update.. strongswan update, SUSE security patch, remote code execution, important advisory, openSUSE fixes. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 22, 2023 Important SuSE
100

SUSE: 2023:4514-1 Important: Remote Code Execution Fix for StrongSwan

* bsc#1216901 Cross-References: * CVE-2023-41913 . # Security update for strongswan Announcement ID: SUSE-SU-2023:4514-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4514=1 openSUSE-SLE-15.4-2023-4514=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4514=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4514=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4514=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * strongswan-mysql-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 * strongswan-mysql-5.9.11-150400.19.17.2 *strongswan-sqlite-5.9.11-150400.19.17.2 * strongswan-libs0-debuginfo-5.9.11-150400.19.17.2 * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-hmac-5.9.11-150400.19.17.2 * strongswan-sqlite-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-debuginfo-5.9.11-150400.19.17.2 * strongswan-libs0-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-5.9.11-150400.19.17.2 * openSUSE Leap 15.4 (noarch) * strongswan-doc-5.9.11-150400.19.17.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-libs0-debuginfo-5.9.11-150400.19.17.2 * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-hmac-5.9.11-150400.19.17.2 * strongswan-ipsec-debuginfo-5.9.11-150400.19.17.2 * strongswan-libs0-5.9.11-150400.19.17.2 * strongswan-5.9.11-150400.19.17.2 * Basesystem Module 15-SP4 (noarch) * strongswan-doc-5.9.11-150400.19.17.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 . Discover the vital security patch for strongswan targeting a remote code execution vulnerability in SUSE Linux systems. Staying updated is key to reducing risk. strongswan Update, SUSE Security Advisory, Remote Code Execution, Important Security Patch. . Severity:Important. LinuxSecurity.com Team

Calendar%202 Nov 21, 2023 Important SuSE
202

openSUSE 15.4: SUSE-SU-2023:4514-1 Critical: strongSwan remote exec

This update for strongswan fixes the following issues: CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901).. # Security update for strongswan Announcement ID: SUSE-SU-2023:4514-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4514=1 openSUSE-SLE-15.4-2023-4514=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-4514=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4514=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4514=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) *strongswan-mysql-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 * strongswan-mysql-5.9.11-150400.19.17.2 * strongswan-sqlite-5.9.11-150400.19.17.2 * strongswan-libs0-debuginfo-5.9.11-150400.19.17.2 * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-hmac-5.9.11-150400.19.17.2 * strongswan-sqlite-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-debuginfo-5.9.11-150400.19.17.2 * strongswan-libs0-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-5.9.11-150400.19.17.2 * openSUSE Leap 15.4 (noarch) * strongswan-doc-5.9.11-150400.19.17.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-libs0-debuginfo-5.9.11-150400.19.17.2 * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-ipsec-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-hmac-5.9.11-150400.19.17.2 * strongswan-ipsec-debuginfo-5.9.11-150400.19.17.2 * strongswan-libs0-5.9.11-150400.19.17.2 * strongswan-5.9.11-150400.19.17.2 * Basesystem Module 15-SP4 (noarch) * strongswan-doc-5.9.11-150400.19.17.2 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * strongswan-debuginfo-5.9.11-150400.19.17.2 * strongswan-nm-debuginfo-5.9.11-150400.19.17.2 * strongswan-debugsource-5.9.11-150400.19.17.2 * strongswan-nm-5.9.11-150400.19.17.2 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 . An important enhancement for strongswan regarding CVE-2023-41913, essential to mitigate risks of remote code executionvulnerabilities.. StrongSwan Update, Remote Code Execution Fix, OpenSUSE Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Nov 21, 2023 Critical OpenSUSE
100

SUSE: 2023:4515-1 Important: StrongSwan Remote Code Execution

* bsc#1216901 Cross-References: * CVE-2023-41913 . # Security update for strongswan Announcement ID: SUSE-SU-2023:4515-1 Rating: important References: * bsc#1216901 Cross-References: * CVE-2023-41913 CVSS scores: * CVE-2023-41913 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for strongswan fixes the following issues: * CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4515=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4515=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4515=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4515=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4515=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4515=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4515=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 *strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Enterprise Storage 7.1 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 *strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * strongswan-debuginfo-5.8.2-150200.11.42.2 * strongswan-hmac-5.8.2-150200.11.42.2 * strongswan-libs0-5.8.2-150200.11.42.2 * strongswan-libs0-debuginfo-5.8.2-150200.11.42.2 * strongswan-debugsource-5.8.2-150200.11.42.2 * strongswan-ipsec-5.8.2-150200.11.42.2 * strongswan-ipsec-debuginfo-5.8.2-150200.11.42.2 * strongswan-5.8.2-150200.11.42.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * strongswan-doc-5.8.2-150200.11.42.2 ## References: * https://www.suse.com/security/cve/CVE-2023-41913.html * https://bugzilla.suse.com/show_bug.cgi?id=1216901 . OpenVPN introduces a critical security patch targeting CVE-2023-41274 to protect against vulnerabilities related to unauthorized access.. SUSE Security Update, StrongSwan Patch, Remote Code Execution, SUSE Linux Fix. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 21, 2023 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200