Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5560-1] strongswan security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5560-1] strongswan security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Yves-Alexis Perez <corsac AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5560-1] strongswan security update
  • Date: Mon, 20 Nov 2023 21:07:26 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1r5BUM-00A3Bi-Ig AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=Ql24w2QRXj7+T5Q6i/o2YYHrdwYvYs3S7Qb7weS1SL4=; b=ef oDbjtyutzRhGuc8+j7K/p0LdTPhhdFQeSk+P2bkcIVtwzAeuMdftEvTxR35euHPY2Kyp9vE6G7qgt ENmkyP29C7BGWgit0+sFAFrz9WlVZCVE98u7t+oxtZfOfIkCDUUfAHoLu7lkHgnkKOS5ePiiKA8ja 7w37XA8WaE3+hwuXQmUYsADQxwH6G6bjFI21hZweGPscvK/XNGs+WLQwRk+Ncgv4fkpEKZcjkUJIk pnRFFNs/kMlSy3Deeb/JFUb68Twxe6rFfw4Hiw16y8j8GFZB2AaW1ddzEkKfWSa6maXwa/shjYLI/ KoDxlgRMSfoqPqTz+WoBtSYb8ioGQ3Gw==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 20 Nov 2023 21:07:51 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <BwkXHR897uC.A.p2D.nq8WlB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- --------------------------------------------------------------------------
Debian Security Advisory DSA-5560-1 security AT debian.org
https://www.debian.org/security/ Yves-Alexis Perez
November 20, 2023 https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : strongswan
CVE ID : CVE-2023-41913

Florian Picca reported a bug the charon-tkm daemon in strongSwan an IKE/IPsec
suite.

The TKM-backed version of the charon IKE daemon (charon-tkm) doesn't
check the length of received Diffie-Hellman public values before copying
them to a fixed-size buffer on the stack, causing a buffer overflow that
could potentially be exploited for remote code execution by sending a
specially crafted and unauthenticated IKE_SA_INIT message.

For the oldstable distribution (bullseye), this problem has been fixed
in version 5.9.1-1+deb11u4.

For the stable distribution (bookworm), this problem has been fixed in
version 5.9.8-5+deb12u1.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVbyg9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QjhA//dfNonaZKJnldK6N+2CkHz6Z8JUwTGIugk57QdFc3MJcH+tjreZZmB6VJ
aGJK4726bt6/1hh6N2AnQUy7jSxi/3h6FI2om4jK9QdAx/zyMQOXAmXt4Aexzm75
Pz7/ldiG7/ZAxIS8ua1GA6GTOFdQllJ5P4HdBunO5VL9m0Jd9qGZkVOVMkTu7l/j
NyZgQ3RZyiqWbH1iFEvTjw6N/FrSXRr+GeHWsebdx/xNEXhKS7Hjwbw7ROZEXRno
+ZRDtUrBe+QNpMx7BE+mmOF3eIZtmlgxHlR4AKtVITKAuEdkQqxminhaaZse9nOX
u8sju25jJ82WUItkdNSCVqeAjlT/+ru2NoE3ZFpRs6LpRxalvMmXA6R5Eh4agoOG
OpAWFt8yq0q8Ba347zm+1WCNOr30ZJRLJ8IcOlyShOJv2v5wqMg2VedwgEXOPftZ
5+vSDN+gHYr5KWS7KFxDx57Tsl6PORdla4rNie3CpEVr4aQnVnKp2mJsuPn6Ax3g
Sxbh4YDGXBLA5tgKrM0kJsaFPFLk2h4UtA8nLg91HoaxIFsDyO1kdR6uIVBNpJed
CsYSe9F++jqSlZl4XMKXuxDTjtNoXLm9OTsvkezhN2vTWtLYeHVY5++ckL6guSpK
dC9Sd7F+SIp3O+XYilsggqMaBJCKUA8l2LJtuWls5skMUvAN4C8=
=xq5Y
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5560-1] strongswan security update, Yves-Alexis Perez, 20.11.2023

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang