Description
Security update for strongswan
strongSwan was updated to fix one security issue.
The following vulnerability was fixed:
- CVE-2015-4171: Rogue servers were able to authenticate themselves with a certificate issued by any CA the client trusts, and so gain user credentials from a client in certain IKEv2 setups (bsc#933591)
Package list
SUSE Linux Enterprise Desktop 12
strongswan-5.1.3-18.1
strongswan-doc-5.1.3-18.1
strongswan-ipsec-5.1.3-18.1
strongswan-libs0-5.1.3-18.1
SUSE Linux Enterprise Server 12
strongswan-5.1.3-18.1
strongswan-doc-5.1.3-18.1
strongswan-hmac-5.1.3-18.1
strongswan-ipsec-5.1.3-18.1
strongswan-libs0-5.1.3-18.1
SUSE Linux Enterprise Server for SAP Applications 12
strongswan-5.1.3-18.1
strongswan-doc-5.1.3-18.1
strongswan-hmac-5.1.3-18.1
strongswan-ipsec-5.1.3-18.1
strongswan-libs0-5.1.3-18.1
References
- Link for SUSE-SU-2015:1196-1
- E-Mail link for SUSE-SU-2015:1196-1
- SUSE Security Ratings
- SUSE Bug 933591
- SUSE CVE CVE-2015-4171 page
Description
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
Affected products
SUSE Linux Enterprise Desktop 12:strongswan-5.1.3-18.1
SUSE Linux Enterprise Desktop 12:strongswan-doc-5.1.3-18.1
SUSE Linux Enterprise Desktop 12:strongswan-ipsec-5.1.3-18.1
SUSE Linux Enterprise Desktop 12:strongswan-libs0-5.1.3-18.1
References
- CVE-2015-4171
- SUSE Bug 931845
- SUSE Bug 933591