[SECURITY] [DLA 973-1] strongswan security update

2017-06-01 Thread Yves-Alexis Perez
Package: strongswan
Version: 4.5.2-1.5+deb7u9
CVE ID: CVE-2017-9022 CVE-2017-9023

Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

[SECURITY] [DLA 387-1] openssh security update

2016-01-14 Thread Yves-Alexis Perez
, especially in non-interactive setups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to update their keys if they have connected to an SSH server they don't trust. More details about identifying an attack and mitigations can be found in the Qualys Security Advisory. -- Yves-Alexis

[SECURITY] [DLA 345-1] strongswan security update

2015-11-19 Thread Yves-Alexis Perez
Package: strongswan
Version: 4.4.1-5.8
CVE ID: CVE-2015-8023

Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite. Due to insufficient validation of its local state the server

[SECURITY] [DLA 244-1] strongswan security update

2015-06-11 Thread Yves-Alexis Perez
by the client could trick the user into continuing the authentication, revealing the username and password digest (for EAP) or even the cleartext password (if EAP-GTC is accepted). -- Yves-Alexis Perez