UbuntuUpdates.org

Package "strongswan-starter"

Name: strongswan-starter

Description: strongSwan daemon starter and configuration file parser

Latest version: 6.0.1-6ubuntu4.3
Release: questing (25.10)
Level: updates
Repository: universe
Head package: strongswan
Homepage: http://www.strongswan.org

Other versions of "strongswan-starter" in Questing

Repository Area Version
base universe 6.0.1-6ubuntu4
security universe 6.0.1-6ubuntu4.3

Changelog

Version: 6.0.1-6ubuntu4.3 2026-04-22 15:08:17 UTC

  strongswan (6.0.1-6ubuntu4.3) questing-security; urgency=medium

  * SECURITY UPDATE: Infinite Loop When Handling Supported Versions TLS
    Extension
    - debian/patches/CVE-2026-35328.patch: prevent infinite loop if
      supported versions are too short in src/libtls/tls_server.c.
    - CVE-2026-35328
  * SECURITY UPDATE: NULL-Pointer Dereference When Processing Padding in
    PKCS#7
    - debian/patches/CVE-2026-35329.patch: avoid NULL pointer dereference
      when verifying padding in src/libstrongswan/crypto/pkcs5.c,
      src/libstrongswan/plugins/pkcs7/pkcs7_enveloped_data.c.
    - CVE-2026-35329
  * SECURITY UPDATE: Integer Underflow When Handling EAP-SIM/AKA Attributes
    - debian/patches/CVE-2026-35330.patch: reject zero-length EAP-SIM/AKA
      attributes in src/libsimaka/simaka_message.c.
    - CVE-2026-35330
  * SECURITY UPDATE: Accepting Certificates Violating Name Constraints
    - debian/patches/CVE-2026-35331.patch: case-insensitive matching and
      reject excluded DN name constraints in
      src/libstrongswan/plugins/constraints/constraints_validator.c,
      src/libstrongswan/tests/suites/test_certnames.c.
    - CVE-2026-35331
  * SECURITY UPDATE: NULL-Pointer Dereference When Handling ECDH Public
    Value in TLS
    - debian/patches/CVE-2026-35332.patch: only accept non-empty ECDH
      public keys with TLS < 1.3 in src/libtls/tls_server.c.
    - CVE-2026-35332
  * SECURITY UPDATE: Integer Underflow When Handling RADIUS Attributes
    - debian/patches/CVE-2026-35333.patch: reject undersized attributes in
      enumerator in src/libradius/radius_message.c.
    - CVE-2026-35333
  * SECURITY UPDATE: Possible NULL-Pointer Dereference in RSA Decryption
    - debian/patches/CVE-2026-35334.patch: avoid crash and timing leaks in
      PKCS#1 v1.5 decryption padding validation in
      src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c,
      src/libstrongswan/utils/utils.h,
      src/libstrongswan/utils/utils/constant_time.h.
    - CVE-2026-35334

 -- Marc Deslauriers <email address hidden> Fri, 17 Apr 2026 15:46:42 -0400

CVE-2026-35328 strongswan: libtls infinite loop
CVE-2026-35329 strongswan: pkcs7 crash
CVE-2026-35330 strongswan: libsimaka infinite loop
CVE-2026-35331 strongswan: constraints plugin
CVE-2026-35332 strongswan: libtls ECDH crash
CVE-2026-35333 strongswan: libradius infinite loop
CVE-2026-35334 strongswan: gmp plugin crash

Version: 6.0.1-6ubuntu4.2 2026-03-24 14:07:58 UTC

  strongswan (6.0.1-6ubuntu4.2) questing-security; urgency=medium

  * SECURITY UPDATE: Integer Underflow When Handling EAP-TTLS AVP
    - debian/patches/CVE-2026-25075.patch: prevent crash if AVP length
      header field is invalid in
      src/libcharon/plugins/eap_ttls/eap_ttls_avp.c.
    - CVE-2026-25075

 -- Marc Deslauriers <email address hidden> Wed, 11 Mar 2026 09:13:39 -0400

CVE-2026-25075 strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote att

Version: 6.0.1-6ubuntu4.1 2025-10-29 14:07:23 UTC

  strongswan (6.0.1-6ubuntu4.1) questing-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow When Handling EAP-MSCHAPv2 Failure
    Requests
    - debian/patches/CVE-2025-62291.patch: fix length check for Failure
      Request packets on the client in
      src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.
    - CVE-2025-62291

 -- Marc Deslauriers <email address hidden> Tue, 21 Oct 2025 10:11:00 -0400
