strongSwan: Multiple vulnerabilities — GLSA 201811-16

Multiple vulnerabilities have been found in strongSwan, the worst of which could lead to a Denial of Service condition.

Affected packages

Background

strongSwan is an IPSec implementation for Linux.

Description

Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could cause a Denial of Service condition or impersonate a user.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-vpn/strongswan-5.7.1"
 

References

• CVE-2018-10811
• CVE-2018-16151
• CVE-2018-16152
• CVE-2018-17540
• CVE-2018-5388
• CVE-2018-6459

Release date
November 26, 2018

Latest revision
November 26, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 648610
• 656338
• 658230
• 668862