-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6176-1                   [email protected]
https://www.debian.org/security/                       Yves-Alexis Perez
March 23, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : strongswan
CVE ID         : CVE-2026-25075

Kazuma Matsumoto discovered an integer overflow bug in the EAP-TTLS plugin
of strongSwan, an IKE/IPsec suite.

The EAP-TTLS plugin doesn't check the length field in the header of
attribute-value pairs (AVPs) tunneled in EAP-TTLS, which can cause an
integer underflow that may lead to a crash. An unauthenticated attacker
could exploit this for a DoS attack by sending a crafted message.

For the oldstable distribution (bookworm), this problem has been fixed in
version 5.9.8-5+deb12u3.

For the stable distribution (trixie), this problem has been fixed in
version 6.0.1-6+deb13u4.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmnBczAACgkQ3rYcyPpX
RFsrPAgA0nr1CXIRPwsqUGkRwrAkhbnorpBgsIuN/W0R5yCaihrXjy6gLYSeMU9r
MonJk/AV5mQVwmmf8prhz8tY8l3tZcPGXYOeuvh70GfoE3cFpC4MF1SS+gckC5C/
UlHa+tMcA00rRoXedx8xneW6mt2U/O6uQN6ISjm5wQyW7ZXZaVMWl0+dCJj22WUk
AlTqFELNhsNTFS0O1y3ddYr/ROoKFRVgCzWT+r/4DjkTciruByb22PbnhBqNMNqD
DaPeLNWvZ5WppSLWP1R3pcGCSl48ZoUGcuFuZaRHsePpwPIE5gbe20Mh9zaaM45Q
A0aTTQRl1RcSdBthaP1KwOoqVdpFMw==
=UsNe
-----END PGP SIGNATURE-----
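The bug class the advisory describes is a missing lower bound on an AVP Length field: the data length is derived as Length minus header size, and when Length is smaller than the header the unsigned subtraction wraps. The following C is an added example written for this page, not strongSwan's code and not the patched code; it uses the EAP-TTLS AVP layout from RFC 5281 (Code, Flags, 3-byte Length, optional Vendor-ID, Data, 4-byte padding) and shows the unchecked arithmetic beside a parser that validates both bounds and walks a sequence of AVPs. The sample AVP bytes are constructed, not captured traffic.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* AVP layout per RFC 5281 section 10.1 (assumed here, not strongSwan's structs):
 *   Code (4) | Flags (1) | Length (3) | [Vendor-ID (4) if V flag set] | Data | pad to 4
 * Length covers the header (plus Vendor-ID when present) and Data, not the padding. */
#define AVP_FIXED_HDR   8u
#define AVP_VENDOR_LEN  4u
#define AVP_FLAG_VENDOR 0x80u

typedef struct {
    uint32_t code;
    uint8_t  flags;
    uint32_t length;      /* Length field exactly as carried in the header */
    uint32_t vendor_id;   /* 0 when the V flag is clear */
    const uint8_t *data;
    size_t   data_len;
} avp_t;

static uint32_t be24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* The vulnerable arithmetic pattern: data length = Length - header size with
 * no lower-bound check. With Length < header size the unsigned result wraps
 * to a huge value, which a caller would then use to read far past the AVP. */
size_t avp_data_len_unchecked(const uint8_t *buf)
{
    size_t hdr = AVP_FIXED_HDR + ((buf[4] & AVP_FLAG_VENDOR) ? AVP_VENDOR_LEN : 0);
    return (size_t)be24(buf + 5) - hdr;
}

/* Hardened parser: returns 0 on success, -1 on any malformed header. */
int avp_parse(const uint8_t *buf, size_t buf_len, avp_t *out)
{
    if (buf_len < AVP_FIXED_HDR) return -1;          /* not even a fixed header */
    out->code   = be32(buf);
    out->flags  = buf[4];
    out->length = be24(buf + 5);
    size_t hdr = AVP_FIXED_HDR;
    if (out->flags & AVP_FLAG_VENDOR) {
        hdr += AVP_VENDOR_LEN;
        if (buf_len < hdr) return -1;                /* V flag set but Vendor-ID missing */
        out->vendor_id = be32(buf + 8);
    } else {
        out->vendor_id = 0;
    }
    /* Both bounds matter: Length must at least cover its own header (this is the
     * check whose absence causes the underflow) and must not exceed the bytes
     * actually received (otherwise Data would be read past the buffer). */
    if (out->length < hdr || out->length > buf_len) return -1;
    out->data     = buf + hdr;
    out->data_len = out->length - hdr;                /* cannot wrap after the check */
    return 0;
}

/* Walk every AVP in a tunneled payload. Returns the AVP count, or -1 if any
 * AVP is malformed; stops at the first bad one so nothing after it is trusted. */
int avp_walk(const uint8_t *buf, size_t buf_len)
{
    size_t off = 0;
    int n = 0;
    while (off < buf_len) {
        avp_t a;
        if (avp_parse(buf + off, buf_len - off, &a) != 0) return -1;
        off += ((size_t)a.length + 3u) & ~(size_t)3u;  /* next AVP on a 4-byte boundary */
        n++;
    }
    return n;
}

/* Constructed sample AVPs (not captured traffic). */
const uint8_t AVP_USER_NAME[16] = { 0,0,0,1, 0x40, 0,0,13, 'a','l','i','c','e', 0,0,0 };
const uint8_t AVP_VENDOR[16]    = { 0,0,0,5, 0x80, 0,0,14, 0,0,1,0x37, 0xAA,0xBB, 0,0 };
const uint8_t AVP_SHORT_LEN[8]  = { 0,0,0,1, 0x40, 0,0,2 };   /* Length 2 < header 8 */
const uint8_t AVP_PAIR[32]      = { 0,0,0,1, 0x40, 0,0,13, 'a','l','i','c','e', 0,0,0,
                                    0,0,0,5, 0x80, 0,0,14, 0,0,1,0x37, 0xAA,0xBB, 0,0 };

int main(void)
{
    avp_t a;
    printf("user-name parse: %d, data_len=%zu\n", avp_parse(AVP_USER_NAME, 16, &a), a.data_len);
    printf("short-length parse: %d\n", avp_parse(AVP_SHORT_LEN, 8, &a));
    printf("unchecked data_len for short AVP: %zu (wrapped)\n", avp_data_len_unchecked(AVP_SHORT_LEN));
    printf("walk of two AVPs: %d\n", avp_walk(AVP_PAIR, 32));
    return 0;
}
```

The truncation case (a Length that is larger than the bytes received) is rejected by the same line as the underflow case; a fix that only adds the lower bound and forgets the upper one leaves an over-read. Any parser for a length-prefixed TLV structure received from an unauthenticated peer, IKE payloads included, needs both checks before any arithmetic on the length.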

