-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : strongswan Version : 4.5.2-1.5+deb7u10 CVE ID : CVE-2017-11185 Debian Bug : #872155
It was discovered that there was a denial-of-service vulnerability in the Strongswan Virtual Private Network (VPN) software. Specific RSA signatures passed to the gmp plugin for verification could cause a null-pointer dereference. Potential triggers are signatures in certificates, but also signatures used during IKE authentication. For more details, please see: <https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html> For Debian 7 "Wheezy", this issue has been fixed in strongswan version 4.5.2-1.5+deb7u10. We recommend that you upgrade your strongswan packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmW/6IACgkQHpU+J9Qx Hli0DRAAuDdyw7nfM3Yo/vmme4+eU21PkQ0huSIeio3J0wcyvxsRqmMM3YWmn06f OwVqdfahSQra2aLGhp0ADoSL82OJ0+ogb5+S0ecwj1nCWgccoDmFbthuNm0qdhWS BTVUkWxMnvNIcokLfBp8WoUftoMSO/7IayrMPq7yc2gd+0nWgd0ux0tWaSOJaNBS bSgCh0O2hLH2Lkcuw5hYrm4D+LXxBniTqhVciAnAN/UY+OTDWuRcRVd8NMFrD7yT QZNwtuh8PyQ+4W8DToofRdJVgYWY/WmuR88p1ofmSJeIX+97HwMwocBc5+9E4LjP JTzefI/fDEVT5bbHBXqBHdgMwT1UsAWCeYsSee2xgfxkioWErlav2Oe9PNm71PAi RV7eDnlJqm+nqtcMLCUkOfMGhEVWqJJHIAmWMN4LocEE+SAwnIyH0nPyOsUXjhr0 0U8uifgDymRq9yh/bCq1FuH+AzYUF23c9gQBz5umj9839ZeYIW8/BLgFqvcteg6x 3YpWGFMic270+EyDidDK0+MfO7tmFR4PpxLx7L1DjFlTUDXTgLZ0NEo+6ivmh14R GwKzAOE4CucASLw+ALigpnUE+mcqMtYgu1wumLj3xpjhoXrCfZx0RBExwPvEX02s fj/TFynstavp9w335GQagbQTiJjTpzYAQ54ZI7CZmzGX2r5HjSo= =XQ4d -----END PGP SIGNATURE-----