Package "libcharon-extra-plugins"
| Name: | libcharon-extra-plugins |
| Description: | strongSwan charon library (extra plugins) |
| Latest version: | 5.9.13-2ubuntu4.24.04.3 |
| Release: | noble (24.04) |
| Level: | updates |
| Repository: | universe |
| Head package: | strongswan |
| Homepage: | http://www.strongswan.org |
Changelog
strongswan (5.9.13-2ubuntu4.24.04.3) noble-security; urgency=medium
* SECURITY UPDATE: Infinite Loop When Handling Supported Versions TLS
Extension
- debian/patches/CVE-2026-35328.patch: prevent infinite loop if
supported versions are too short in src/libtls/tls_server.c.
- CVE-2026-35328
* SECURITY UPDATE: NULL-Pointer Dereference When Processing Padding in
PKCS#7
- debian/patches/CVE-2026-35329.patch: avoid NULL pointer dereference
when verifying padding in src/libstrongswan/crypto/pkcs5.c,
src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c.
- CVE-2026-35329
* SECURITY UPDATE: Integer Underflow When Handling EAP-SIM/AKA Attributes
- debian/patches/CVE-2026-35330.patch: reject zero-length EAP-SIM/AKA
attributes in src/libsimaka/simaka_message.c.
- CVE-2026-35330
* SECURITY UPDATE: Accepting Certificates Violating Name Constraints
- debian/patches/CVE-2026-35331.patch: case-insensitive matching and
reject excluded DN name constraints in
src/libstrongswan/plugins/constraints/constraints_validator.c,
src/libstrongswan/tests/suites/test_certnames.c.
- CVE-2026-35331
* SECURITY UPDATE: NULL-Pointer Dereference When Handling ECDH Public
Value in TLS
- debian/patches/CVE-2026-35332.patch: only accept non-empty ECDH
public keys with TLS < 1.3 in src/libtls/tls_server.c.
- CVE-2026-35332
* SECURITY UPDATE: Integer Underflow When Handling RADIUS Attributes
- debian/patches/CVE-2026-35333.patch: reject undersized attributes in
enumerator in src/libradius/radius_message.c.
- CVE-2026-35333
* SECURITY UPDATE: Possible NULL-Pointer Dereference in RSA Decryption
- debian/patches/CVE-2026-35334.patch: avoid crash and timing leaks in
PKCS#1 v1.5 decryption padding validation in
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c,
src/libstrongswan/utils/utils.h,
src/libstrongswan/utils/utils/constant_time.h.
- CVE-2026-35334
-- Marc Deslauriers <email address hidden> Fri, 17 Apr 2026 16:00:25 -0400
strongswan (5.9.13-2ubuntu4.24.04.2) noble-security; urgency=medium
* SECURITY UPDATE: Integer Underflow When Handling EAP-TTLS AVP
- debian/patches/CVE-2026-25075.patch: prevent crash if AVP length
header field is invalid in
src/libcharon/plugins/eap_ttls/eap_ttls_avp.c.
- CVE-2026-25075
-- Marc Deslauriers <email address hidden> Wed, 11 Mar 2026 09:16:06 -0400

CVE-2026-25075
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote att

strongswan (5.9.13-2ubuntu4.24.04.1) noble-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow When Handling EAP-MSCHAPv2 Failure
Requests
- debian/patches/CVE-2025-62291.patch: fix length check for Failure
Request packets on the client in
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.
- CVE-2025-62291
-- Marc Deslauriers <email address hidden> Tue, 21 Oct 2025 11:06:11 -0400