Public bug reported:

Update strongswan-ikev2 package to latest stable release 5.6.3, or
backport mentioned security and bug fixes.

[Impact] 
 * Several security vulnerabilities have been fixed
   * CVE-2018-6459: Insufficient Input Validation in RSASSA-PSS Signature Parser. For more details see:
     https://strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html
   * CVE-2018-5388: Insufficient Input Validation in stroke Plugin. For more details see:
     https://strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
   * CVE-2018-10811: Missing Initialization of a Variable in IKEv2 Key Derivation. For more details see:
     https://strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html
 * Packet loss during IKEv2 CHILD_SA rekeying: https://wiki.strongswan.org/issues/1291


[Test Case]

 * Consult links above for detailed information.

[Regression Potential]

 * No regression expected, as all CVEs are security fixes and one bug
fix.

[Other Info]
 
 * n/a


----
# lsb_release -rd
Description:    Ubuntu 16.04.4 LTS
Release:        16.04


# apt-cache policy strongswan-ikev2
strongswan-ikev2:
  Installed: 5.3.5-1ubuntu3.5
  Candidate: 5.3.5-1ubuntu3.5

** Affects: strongswan (Ubuntu)
     Importance: Undecided
         Status: Confirmed

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10811

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6459

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5388

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1776857

Title:
  update strongswan-ikev2 package for ubuntu xenial

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1776857/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
