Package: strongswan Severity: serious Tags: security
hy,
out of the NEW file from the 4.2.16 release:
strongswan-4.2.16
-----------------
- Applying their fuzzing tool, the Orange Labs vulnerability research team
found another two DoS vulnerabilities, one in the rather old ASN.1 parser
of Relative Distinguished Names (RDNs) and a second one in the conversion
of ASN.1 UTCTIME and GENERALIZEDTIME strings to a time_t value.
Malformed X.509 certificate RDNs or timestamps can cause the pluto IKE
daemon to crash and restart.
Ruben
--
Ruben Puettmann
[email protected]
http://www.puettmann.net
signature.asc
Description: Digital signature
