strongswan (5.1.2-0ubuntu4) vivid; urgency=medium
* SECURITY UPDATE: denial of service via DH group 1025
- debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of
IKE DH range in src/libstrongswan/crypto/diffie_hellman.c,
src/libstrongswan/crypto/diffie_hellman.h.
- CVE-2014-9221
Date: Mon, 05 Jan 2015 08:25:29 -0500
Changed-By: Tyler Hicks <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
Signed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Jan 2015 08:25:29 -0500
Source: strongswan
Binary: strongswan libstrongswan strongswan-dbg strongswan-starter
strongswan-ike strongswan-nm strongswan-plugin-af-alg strongswan-plugin-agent
strongswan-plugin-attr-sql strongswan-plugin-certexpire
strongswan-plugin-coupling strongswan-plugin-curl strongswan-plugin-dhcp
strongswan-plugin-dnscert strongswan-plugin-dnskey strongswan-plugin-duplicheck
strongswan-plugin-eap-aka strongswan-plugin-eap-aka-3gpp2
strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc
strongswan-plugin-eap-md5 strongswan-plugin-eap-mschapv2
strongswan-plugin-eap-peap strongswan-plugin-eap-radius
strongswan-plugin-eap-sim strongswan-plugin-eap-sim-file
strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-simaka-pseudonym
strongswan-plugin-eap-simaka-reauth strongswan-plugin-eap-simaka-sql
strongswan-plugin-eap-tls strongswan-plugin-eap-tnc strongswan-plugin-eap-ttls
strongswan-plugin-error-notify strongswan-plugin-farp
strongswan-plugin-fips-prf strongswan-plugin-gcrypt strongswan-plugin-gmp
strongswan-plugin-ipseckey strongswan-plugin-kernel-libipsec
strongswan-plugin-ldap strongswan-plugin-led strongswan-plugin-load-tester
strongswan-plugin-lookip strongswan-plugin-mysql strongswan-plugin-ntru
strongswan-plugin-openssl strongswan-plugin-pgp strongswan-plugin-pkcs11
strongswan-plugin-pubkey strongswan-plugin-radattr strongswan-plugin-sql
strongswan-plugin-sqlite strongswan-plugin-soup strongswan-plugin-sshkey
strongswan-plugin-systime-fix strongswan-plugin-unbound strongswan-plugin-unity
strongswan-plugin-whitelist strongswan-plugin-xauth-eap
strongswan-plugin-xauth-generic strongswan-plugin-xauth-noauth
strongswan-plugin-xauth-pam strongswan-pt-tls-client strongswan-tnc-ifmap
strongswan-tnc-base strongswan-tnc-client strongswan-tnc-server
strongswan-tnc-pdp strongswan-ikev1
strongswan-ikev2
Architecture: source
Version: 5.1.2-0ubuntu4
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Tyler Hicks <[email protected]>
Description:
libstrongswan - strongSwan utility and crypto library
strongswan - IPsec VPN solution metapackage
strongswan-dbg - strongSwan library and binaries - debugging symbols
strongswan-ike - strongSwan Internet Key Exchange (v2) daemon
strongswan-ikev1 - strongswan IKEv1 daemon, transitional package
strongswan-ikev2 - strongswan IKEv2 daemon, transitional package
strongswan-nm - strongSwan charon for interaction with NetworkManager
strongswan-plugin-af-alg - strongSwan plugin for AF_ALG Linux crypto API
interface
strongswan-plugin-agent - strongSwan plugin for accessing private keys via
ssh-agent
strongswan-plugin-attr-sql - strongSwan plugin for providing IKE attributes
from databases
strongswan-plugin-certexpire - strongSwan plugin for exporting expiration
dates of certificates
strongswan-plugin-coupling - strongSwan plugin for permanent peer certificate
coupling
strongswan-plugin-curl - strongSwan plugin for the libcurl based HTTP/FTP
fetcher
strongswan-plugin-dhcp - strongSwan plugin for forwarding DHCP request to a
server
strongswan-plugin-dnscert - strongSwan plugin for authentication via CERT RRs
strongswan-plugin-dnskey - strongSwan plugin for parsing RFC 4034 public keys
strongswan-plugin-duplicheck - strongSwan plugin for duplicheck functionality
strongswan-plugin-eap-aka - strongSwan plugin for generic EAP-AKA protocol
handling
strongswan-plugin-eap-aka-3gpp2 - strongSwan plugin for the 3GPP2-based
EAP-AKA backend
strongswan-plugin-eap-dynamic - strongSwan plugin for dynamic EAP method
selection
strongswan-plugin-eap-gtc - strongSwan plugin for EAP-GTC protocol handler
strongswan-plugin-eap-md5 - strongSwan plugin for EAP-MD5 protocol handler
strongswan-plugin-eap-mschapv2 - strongSwan plugin for EAP-MSCHAPv2 protocol
handler
strongswan-plugin-eap-peap - strongSwan plugin for EAP-PEAP protocol handler
strongswan-plugin-eap-radius - strongSwan plugin for EAP interface to a RADIUS
server
strongswan-plugin-eap-sim - strongSwan plugin for generic EAP-SIM protocol
handling
strongswan-plugin-eap-sim-file - strongSwan plugin for EAP-SIM credentials
from files
strongswan-plugin-eap-sim-pcsc - strongSwan plugin for EAP-SIM credentials on
smartcards
strongswan-plugin-eap-simaka-pseudonym - strongSwan plugin for the EAP-SIM/AKA
identity database
strongswan-plugin-eap-simaka-reauth - strongSwan plugin for the EAP-SIM/AKA
reauthentication database
strongswan-plugin-eap-simaka-sql - strongSwan plugin for SQL-based EAP-SIM/AKA
backend reading
strongswan-plugin-eap-tls - strongSwan plugin for the EAP-TLS protocol handler
strongswan-plugin-eap-tnc - strongSwan plugin for the EAP-TNC protocol handler
strongswan-plugin-eap-ttls - strongSwan plugin for the EAP-TTLS protocol
handler
strongswan-plugin-error-notify - strongSwan plugin for error notifications
strongswan-plugin-farp - strongSwan plugin for faking ARP responses
strongswan-plugin-fips-prf - strongSwan plugin for PRF specified by FIPS
strongswan-plugin-gcrypt - strongSwan plugin for gcrypt
strongswan-plugin-gmp - strongSwan plugin for libgmp based crypto
strongswan-plugin-ipseckey - strongSwan plugin for authentication via IPSECKEY
RRs
strongswan-plugin-kernel-libipsec - strongSwan plugin for a IPsec backend that
entirely in userland
strongswan-plugin-ldap - strongSwan plugin for LDAP CRL fetching
strongswan-plugin-led - strongSwan plugin for LEDs blinking on IKE activity
strongswan-plugin-load-tester - strongSwan plugin for load testing
strongswan-plugin-lookip - strongSwan plugin for lookip interface
strongswan-plugin-mysql - strongSwan plugin for MySQL
strongswan-plugin-ntru - strongSwan plugin for NTRU crypto
strongswan-plugin-openssl - strongSwan plugin for OpenSSL
strongswan-plugin-pgp - strongSwan plugin for PGP encoding/decoding routines
strongswan-plugin-pkcs11 - strongSwan plugin for PKCS#11 smartcard backend
strongswan-plugin-pubkey - strongSwan plugin for raw public keys
strongswan-plugin-radattr - strongSwan plugin for custom RADIUS attribute
processing
strongswan-plugin-soup - strongSwan plugin for the libsoup based HTTP fetcher
strongswan-plugin-sql - strongSwan plugin for SQL configuration and credentials
strongswan-plugin-sqlite - strongSwan plugin for SQLite
strongswan-plugin-sshkey - strongSwan plugin for SSH key decoding routines
strongswan-plugin-systime-fix - strongSwan plugin for system time fixing
strongswan-plugin-unbound - strongSwan plugin for DNSSEC-enabled resolver
using libunbound
strongswan-plugin-unity - strongSwan plugin for IKEv1 Cisco Unity Extensions
strongswan-plugin-whitelist - strongSwan plugin for peer-verification against
a whitelist
strongswan-plugin-xauth-eap - strongSwan plugin for XAuth backend using EAP
methods
strongswan-plugin-xauth-generic - strongSwan plugin for the generic XAuth
backend
strongswan-plugin-xauth-noauth - strongSwan plugin for the generic XAuth
backend
strongswan-plugin-xauth-pam - strongSwan plugin for XAuth backend using PAM
strongswan-pt-tls-client - strongSwan TLS-based Posture Transport (PT)
protocol client
strongswan-starter - strongSwan daemon starter and configuration file parser
strongswan-tnc-base - strongSwan Trusted Network Connect's (TNC) - base files
strongswan-tnc-client - strongSwan Trusted Network Connect's (TNC) - client
files
strongswan-tnc-ifmap - strongSwan plugin for Trusted Network Connect's (TNC)
IF-MAP clie
strongswan-tnc-pdp - strongSwan plugin for Trusted Network Connect's (TNC) PDP
strongswan-tnc-server - strongSwan Trusted Network Connect's (TNC) - server
files
Changes:
strongswan (5.1.2-0ubuntu4) vivid; urgency=medium
.
* SECURITY UPDATE: denial of service via DH group 1025
- debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of
IKE DH range in src/libstrongswan/crypto/diffie_hellman.c,
src/libstrongswan/crypto/diffie_hellman.h.
- CVE-2014-9221
Checksums-Sha1:
c0904ecdbc2821998dfc6f93281165be50420f8b 8160 strongswan_5.1.2-0ubuntu4.dsc
59cc3b7740988b3c67bb65a28b3fcab3ea650f04 126856
strongswan_5.1.2-0ubuntu4.debian.tar.xz
Checksums-Sha256:
3c150900dcca8739d7d5d002777f71021ed737cc882b9c1d1a628be32db6c571 8160
strongswan_5.1.2-0ubuntu4.dsc
8021372afc7fb9f196428e4ae112a2a4a052ca16f4f40ada2b853821af65617d 126856
strongswan_5.1.2-0ubuntu4.debian.tar.xz
Files:
661f3686625926b50b827f70b77edc30 8160 net optional
strongswan_5.1.2-0ubuntu4.dsc
ad7a0b15ba42b6a9677ec87fba805c8f 126856 net optional
strongswan_5.1.2-0ubuntu4.debian.tar.xz
Original-Maintainer: strongSwan Maintainers
<[email protected]>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUqpOnAAoJEGVp2FWnRL6TdrcP/iLTs3W6fR7uNjDUzGe7WlNN
BasZLYhBUFAT5gD+l/7WeyZKAdrbj23MvHJAEqmbqLdjwR+mL9f5j8cwsG+N4wV/
RHg/saGp406/q3nbCVoPOLa6m+QAJmhtvySv4YJW0LFOlpQjASvpo0xSuWfeunMy
hrhctKhUfKyZA5xxszEkr8SGsZ6+nL+oCzgkmZdv325/15vUQhOZ5+RlaqRCrOxy
bv6yRW/Ud6w3C2CZgjAFSv4Ws3D1CesiYHcVECmNSo8FjilwHtw7rF8cvw2GyRT4
67XOyhdqicdjMhMH+3tzNCIdCOfBW0apEQZpOrQUrFl6Gtv/3VqyL6gBTGAM6vP/
aS5GJRI1HI6UVYMrzHFdBlz1QhZJ5PQEymiRVbtFVH8Wh41e8tjVps5SvpY7GN46
Z17kyIWuhXEL8gbpDnJEVhewVTZmJPpu408Yk6zm5HLEM73hHIQZNxrlhze5gC1X
GFTJgMxbPc/sxDhp2yHCOs6b8FYeofkC4zEvocarMpC8nR2UzyT5XLrC9tHCVedi
YM2ctO9gi5klrPFcy58SnOlNwvuIs55EfR/LIPNePAFAGog4aXvh5ztKHo+4gWP6
jZSmy0SKK6qnhRphnydF5Rm9CNj0LSdhrZBAdeDC/MNQv/SmGyh9Rnctts/Aj5hD
8ChdtQgptOPjpzUC1SZ+
=xtsC
-----END PGP SIGNATURE-----
--
Vivid-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/vivid-changes
