From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2903-1
[email protected] http://www.debian.org/security/ Yves-Alexis Perez
April 14, 2014
http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : strongswan
CVE ID : CVE-2014-2338
An authentication bypass vulnerability was found in charon, the daemon
handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine
handling the security association (IKE_SA) handled some state transitions incorrectly.
An attacker can trigger the vulnerability by rekeying an unestablished
IKE_SA during the initiation itself. This will trick the IKE_SA state to 'established' without the need to provide any valid credential.
Vulnerable setups include those actively initiating IKEv2 IKE_SA (like ”clients” or “roadwarriors”) but also during re-authentication (which can be initiated by the responder). Installations using IKEv1 (pluto
daemon in strongSwan 4 and earlier, and IKEv1 code in charon 5.x) is not affected.
For the oldstable distribution (squeeze), this problem has been fixed in version 4.4.1-5.5.
For the stable distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u3.
For the unstable distribution (sid), this problem has been fixed in
version 5.1.2-4.
We recommend that you upgrade your strongswan packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
http://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJTS/gCAAoJEBDCk7bDfE42CIMP/jpDobbJt9pO+N6SQY1BKfrn MT1Aly9sb7o4Fz1DbOBJjJ60oXz7aFXSndOyc55DdTNInanXC3sWMfbV31kseiq+ wgRk6zAAgOaxs/uStorK3b8JYQN5NIVDmdd0BCkD5Oo3PGkr1YQyanXtraez7O4e ba3wJYxEuXq7wt/0Y/bt77nAf//tHaJ3vJB0LWXy717E6f3isS+1xMlZLmCu9nAS TMvCrW8XAOmPTJ3PF3AlSnRc+omYRpw3rJcIhS4pC3VA6Y1uYhTnRV3Oy81Y3PgR lEt3m7YNiGbLu+eqN2bb3lRR1Erdl7XAE/WZPcKb8MetC9gQK+gjSmgXcwa49QFh CuUk6rQJzYRoh78FL9LqYPxQNtow+4hPvURVB/wXHTP3ipPvN1/0OmBJU5wlepDF 2d+JZTLov187Rb0yTZG0+TlKykiJiea6r9ZdAYMUOebXtyaaGHQeEwNNlky0RT1k Zf+ptoNPyLQQO3lq03nGlon5nwV1ytM61Hksj9v3cBu9RT2D6mIvzUlpAgdgfwnD UgrePI88J68Layvj/SplVTaq1JtaA3dXZwnLfFBjB859eGSWpbrcn4UFiPkVMIOL ORNv929NhmGONI913Hxkcb96vPJrqorEWKnsm70NyqI8A/oQonnTqhtXXJwh4S2f em1AIItBX/UdJfKHZ+UA
=EdFc
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to
[email protected]
with a subject of "unsubscribe". Trouble? Contact
[email protected] Archive:
https://lists.debian.org/[email protected]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)