Package "strongswan"

Name:	strongswan
Description:	This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group: standalone IPsec client strongSwan IPsec client, systemd support strongSwan plugin to interact with NetworkManager strongSwan IPsec client, pki command
Latest version:	5.6.2-1ubuntu2.9
Release:	bionic (18.04)
Level:	security
Repository:	universe

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Other versions of "strongswan" in Bionic

Repository	Area	Version
base	main	5.6.2-1ubuntu2
base	universe	5.6.2-1ubuntu2
security	main	5.6.2-1ubuntu2.9
updates	universe	5.6.2-1ubuntu2.9
updates	main	5.6.2-1ubuntu2.9

Packages in group

Deleted packages are displayed in grey.

Changelog

Version: 5.6.2-1ubuntu2.9 2022-10-03 18:07:19 UTC

strongswan (5.6.2-1ubuntu2.9) bionic-security; urgency=medium * SECURITY UPDATE: Using Untrusted URIs for Revocation Checking - debian/patches/CVE-2022-40617.patch: do online revocation checks only after basic trust chain validation in src/libstrongswan/credentials/credential_manager.c. - CVE-2022-40617 -- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 14:10:27 -0400

Source diff to previous version

CVE-2022-40617

RESERVED

Version: 5.6.2-1ubuntu2.8 2022-01-24 19:07:20 UTC

Version: 5.6.2-1ubuntu2.8	2022-01-24 19:07:20 UTC
strongswan (5.6.2-1ubuntu2.8) bionic-security; urgency=medium * SECURITY UPDATE: Incorrect Handling of Early EAP-Success Messages - debian/patches/CVE-2021-45079.patch: enforce failure if MSK generation fails in src/libcharon/plugins/eap_gtc/eap_gtc.c, src/libcharon/plugins/eap_md5/eap_md5.c, src/libcharon/plugins/eap_radius/eap_radius.c, src/libcharon/sa/eap/eap_method.h, src/libcharon/sa/ikev2/authenticators/eap_authenticator.c. - CVE-2021-45079 -- Marc Deslauriers <email address hidden> Tue, 11 Jan 2022 07:11:09 -0500
Source diff to previous version

strongswan (5.6.2-1ubuntu2.8) bionic-security; urgency=medium * SECURITY UPDATE: Incorrect Handling of Early EAP-Success Messages - debian/patches/CVE-2021-45079.patch: enforce failure if MSK generation fails in src/libcharon/plugins/eap_gtc/eap_gtc.c, src/libcharon/plugins/eap_md5/eap_md5.c, src/libcharon/plugins/eap_radius/eap_radius.c, src/libcharon/sa/eap/eap_method.h, src/libcharon/sa/ikev2/authenticators/eap_authenticator.c. - CVE-2021-45079 -- Marc Deslauriers <email address hidden> Tue, 11 Jan 2022 07:11:09 -0500

Source diff to previous version

Version: 5.6.2-1ubuntu2.7 2021-10-19 11:06:23 UTC

strongswan (5.6.2-1ubuntu2.7) bionic-security; urgency=medium * SECURITY UPDATE: Integer Overflow in gmp Plugin - debian/patches/CVE-2021-41990.patch: reject RSASSA-PSS params with negative salt length in src/libstrongswan/credentials/keys/signature_params.c, src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c. - CVE-2021-41990 * SECURITY UPDATE: Integer Overflow When Replacing Certificates in Cache - debian/patches/CVE-2021-41991.patch: prevent crash due to integer overflow/sign change in src/libstrongswan/credentials/sets/cert_cache.c. - CVE-2021-41991 -- Marc Deslauriers <email address hidden> Tue, 12 Oct 2021 13:23:35 -0400

Source diff to previous version

CVE-2021-41990	The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...
CVE-2021-41991	The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...

Version: 5.6.2-1ubuntu2.3 2018-10-01 18:06:52 UTC

strongswan (5.6.2-1ubuntu2.3) bionic-security; urgency=medium * SECURITY UPDATE: Insufficient input validation in gmp plugin - debian/patches/strongswan-4.4.0-5.7.0_gmp-pkcs1-overflow.patch: fix buffer overflow with very small RSA keys in src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c. - CVE-2018-17540 -- Marc Deslauriers <email address hidden> Wed, 26 Sep 2018 14:36:02 -0400

Source diff to previous version

CVE-2018-17540

RESERVED

Version: 5.6.2-1ubuntu2.2 2018-09-25 14:07:14 UTC

strongswan (5.6.2-1ubuntu2.2) bionic-security; urgency=medium * SECURITY UPDATE: Insufficient input validation in gmp plugin - debian/patches/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch: don't parse PKCS1 v1.5 RSA signatures to verify them in src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c, src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c. - CVE-2018-16151 - CVE-2018-16152 * SECURITY UPDATE: remote denial of service - debian/patches/strongswan-5.5.0-5.6.2_skeyseed_init.patch: properly initialize variable in src/libcharon/sa/ikev2/keymat_v2.c. - CVE-2018-10811 * SECURITY UPDATE: DoS in stroke plugin - debian/patches/strongswan-5.1.2-5.6.2_stroke_msg_len.patch: ensure a minimum message length in src/libcharon/plugins/stroke/stroke_socket.c. - CVE-2018-5388 -- Marc Deslauriers <email address hidden> Tue, 18 Sep 2018 11:03:06 +0200

CVE-2018-16151	RESERVED
CVE-2018-16152	RESERVED
CVE-2018-10811	strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
CVE-2018-5388	In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion an

About - Send Feedback to @ubuntu_updates

Package "strongswan"

Links

Other versions of "strongswan" in Bionic

Packages in group

Changelog

Share this page

Bookmarks

Latest updates

updates

security

proposed

PPA updates