strongSwan: Multiple Vulnerabilities — GLSA 201412-26

Two vulnerabilities have been found in strongSwan, possibly resulting in Denial of Service or a bypass of authentication restrictions.

Affected packages

net-misc/strongswan on all architectures
Affected versions < 5.1.3
Unaffected versions >= 5.1.3

Background

strongSwan is an IPsec implementation for Linux.

Description

A NULL pointer dereference and an error in the IKEv2 implementation have been found in strongSwan.

Impact

A remote attacker could create a Denial of Service condition or bypass security restrictions.

Workaround

There is no known workaround at this time.

Resolution

All strongSwan users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/strongswan-5.1.3"
 

References

Release date
December 13, 2014

Latest revision
December 13, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries