SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-2019-3056

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-2019-3056

Security update for strongswan

Type: security

Severity: important

Issued: 2019-11-25

Description:

This update for strongswan fixes the following issues:

Security issues fixed: 

- CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker 
  with local user credentials to resource exhaustion and denial of service while 
  reading from the socket (bsc#1094462).
- CVE-2018-10811: Fixed a denial of service during  the IKEv2 key derivation if 
  the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF 
  (bsc#1093536).
- CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which 
  might lead to authorization bypass (bsc#1107874).
- CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845).

References

CVE: CVE-2018-5388
CVE: CVE-2018-17540
CVE: CVE-2018-16152
CVE: CVE-2018-16151
CVE: CVE-2018-10811
Bugzilla: 1109845 VUL-0: CVE-2018-17540: strongswan: Insufficient input validation in gmp plugin
Bugzilla: 1107874 VUL-0: CVE-2018-16151, CVE-2018-16152: strongswan: several flaws in the gmp plugin that may lead to an authorization bypass vulnerability
Bugzilla: 1094462 VUL-0: CVE-2018-5388: strongswan: buffer underflow in stroke_socket.c
Bugzilla: 1093536 VUL-0: CVE-2018-10811: strongswan: denial-of-service vulnerability in strongSwan

Packages

strongswan-5.6.0-4.3.2