Описание
Security update for strongswan
This update for strongswan provides the following fixes:
Security issues fixed:
- CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462).
- CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536).
- CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874).
- CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845).
Other issues addressed:
- Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853).
- Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit.
- Handle unexpected informational message from SonicWall. (bsc#1009254)
Список пакетов
SUSE Enterprise Storage 5
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
Ссылки
- Link for SUSE-SU-2019:3266-1
- E-Mail link for SUSE-SU-2019:3266-1
- SUSE Security Ratings
- SUSE Bug 1009254
- SUSE Bug 1071853
- SUSE Bug 1093536
- SUSE Bug 1094462
- SUSE Bug 1107874
- SUSE Bug 1109845
- SUSE CVE CVE-2018-10811 page
- SUSE CVE CVE-2018-16151 page
- SUSE CVE CVE-2018-16152 page
- SUSE CVE CVE-2018-17540 page
- SUSE CVE CVE-2018-5388 page
Описание
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.
Затронутые продукты
Ссылки
- CVE-2018-10811
- SUSE Bug 1093536
Описание
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.
Затронутые продукты
Ссылки
- CVE-2018-16151
- SUSE Bug 1107874
- SUSE Bug 1109845
Описание
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
Затронутые продукты
Ссылки
- CVE-2018-16152
- SUSE Bug 1107874
Описание
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
Затронутые продукты
Ссылки
- CVE-2018-17540
- SUSE Bug 1107874
- SUSE Bug 1109845
Описание
In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.
Затронутые продукты
Ссылки
- CVE-2018-5388
- SUSE Bug 1094462
- SUSE Bug 1101792