Description
Security update for strongswan
strongswan was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-4171: A problem that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. (bsc#933591)
Package list
SUSE Linux Enterprise Server 11 SP4
strongswan-4.4.0-6.29.2
strongswan-doc-4.4.0-6.29.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
strongswan-4.4.0-6.29.2
strongswan-doc-4.4.0-6.29.2
References
- Link for SUSE-SU-2015:1791-1
- E-Mail link for SUSE-SU-2015:1791-1
- SUSE Security Ratings
- SUSE Bug 933591
- SUSE CVE CVE-2015-4171 page
Description
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.
Affected products
SUSE Linux Enterprise Server 11 SP4:strongswan-4.4.0-6.29.2
SUSE Linux Enterprise Server 11 SP4:strongswan-doc-4.4.0-6.29.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:strongswan-4.4.0-6.29.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4:strongswan-doc-4.4.0-6.29.2
References
- CVE-2015-4171
- SUSE Bug 931845
- SUSE Bug 933591