Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:2594-1

Опубликовано: 30 нояб. 2019
Источник: suse-cvrf

Описание

Security update for strongswan

This update for strongswan fixes the following issues:

Security issues fixed:

  • CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462).
  • CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536).
  • CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874).
  • CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
strongswan-5.6.0-lp150.3.3.1
strongswan-doc-5.6.0-lp150.3.3.1
strongswan-hmac-5.6.0-lp150.3.3.1
strongswan-ipsec-5.6.0-lp150.3.3.1
strongswan-libs0-5.6.0-lp150.3.3.1
strongswan-mysql-5.6.0-lp150.3.3.1
strongswan-nm-5.6.0-lp150.3.3.1
strongswan-sqlite-5.6.0-lp150.3.3.1

Ссылки

Описание

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

Затронутые продукты
openSUSE Leap 15.0:strongswan-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-doc-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-hmac-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-ipsec-5.6.0-lp150.3.3.1
Ссылки

Описание

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

Затронутые продукты
openSUSE Leap 15.0:strongswan-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-doc-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-hmac-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-ipsec-5.6.0-lp150.3.3.1
Ссылки

Описание

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.

Затронутые продукты
openSUSE Leap 15.0:strongswan-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-doc-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-hmac-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-ipsec-5.6.0-lp150.3.3.1
Ссылки

Описание

The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.

Затронутые продукты
openSUSE Leap 15.0:strongswan-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-doc-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-hmac-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-ipsec-5.6.0-lp150.3.3.1
Ссылки

Описание

In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

Затронутые продукты
openSUSE Leap 15.0:strongswan-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-doc-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-hmac-5.6.0-lp150.3.3.1
openSUSE Leap 15.0:strongswan-ipsec-5.6.0-lp150.3.3.1
Ссылки