openSUSE-SU-2022:0492-1

Опубликовано: 18 фев. 2022

Источник: suse-cvrf

Описание

Security update for strongswan

This update for strongswan fixes the following issues:

CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471)

Список пакетов

openSUSE Leap 15.3

strongswan-5.8.2-11.24.1

strongswan-doc-5.8.2-11.24.1

strongswan-hmac-5.8.2-11.24.1

strongswan-ipsec-5.8.2-11.24.1

strongswan-libs0-5.8.2-11.24.1

strongswan-mysql-5.8.2-11.24.1

strongswan-nm-5.8.2-11.24.1

strongswan-sqlite-5.8.2-11.24.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PDDGV75VWTCAFSBICC2NAFQ3EN5G6NAI/
E-Mail link for openSUSE-SU-2022:0492-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194471
SUSE Bug 1194471
https://www.suse.com/security/cve/CVE-2021-45079/
SUSE CVE CVE-2021-45079 page

Описание

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.

Затронутые продукты

openSUSE Leap 15.3:strongswan-5.8.2-11.24.1

openSUSE Leap 15.3:strongswan-doc-5.8.2-11.24.1

openSUSE Leap 15.3:strongswan-hmac-5.8.2-11.24.1

openSUSE Leap 15.3:strongswan-ipsec-5.8.2-11.24.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-45079.html
CVE-2021-45079
https://bugzilla.suse.com/1194471
SUSE Bug 1194471

openSUSE-SU-2022:0492-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-45079

Описание

Затронутые продукты

Ссылки