strongswan-5.9.0-1.9 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11411 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z strongswan-5.9.0-1.9 on GA media These are all security issues fixed in the strongswan-5.9.0-1.9 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11411 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11411 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-11185/ SUSE CVE CVE-2017-11185 page https://www.suse.com/security/cve/CVE-2017-9022/ SUSE CVE CVE-2017-9022 page https://www.suse.com/security/cve/CVE-2017-9023/ SUSE CVE CVE-2017-9023 page https://www.suse.com/security/cve/CVE-2018-10811/ SUSE CVE CVE-2018-10811 page https://www.suse.com/security/cve/CVE-2018-17540/ SUSE CVE CVE-2018-17540 page https://www.suse.com/security/cve/CVE-2018-5388/ SUSE CVE CVE-2018-5388 page https://www.suse.com/security/cve/CVE-2018-6459/ SUSE CVE CVE-2018-6459 page openSUSE Tumbleweed strongswan-5.9.0-1.9 strongswan-doc-5.9.0-1.9 strongswan-hmac-5.9.0-1.9 strongswan-ipsec-5.9.0-1.9 strongswan-libs0-5.9.0-1.9 strongswan-mysql-5.9.0-1.9 strongswan-nm-5.9.0-1.9 strongswan-sqlite-5.9.0-1.9 strongswan-5.9.0-1.9 as a component of openSUSE Tumbleweed strongswan-doc-5.9.0-1.9 as a component of openSUSE Tumbleweed strongswan-hmac-5.9.0-1.9 as a component of openSUSE Tumbleweed strongswan-ipsec-5.9.0-1.9 as a component of openSUSE Tumbleweed strongswan-libs0-5.9.0-1.9 as a component of openSUSE Tumbleweed strongswan-mysql-5.9.0-1.9 as a component of openSUSE Tumbleweed strongswan-nm-5.9.0-1.9 as a component of openSUSE Tumbleweed strongswan-sqlite-5.9.0-1.9 as a component of openSUSE Tumbleweed The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. CVE-2017-11185 openSUSE Tumbleweed:strongswan-5.9.0-1.9 openSUSE Tumbleweed:strongswan-doc-5.9.0-1.9 openSUSE Tumbleweed:strongswan-hmac-5.9.0-1.9 openSUSE Tumbleweed:strongswan-ipsec-5.9.0-1.9 openSUSE Tumbleweed:strongswan-libs0-5.9.0-1.9 openSUSE Tumbleweed:strongswan-mysql-5.9.0-1.9 openSUSE Tumbleweed:strongswan-nm-5.9.0-1.9 openSUSE Tumbleweed:strongswan-sqlite-5.9.0-1.9 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-11185.html CVE-2017-11185 https://bugzilla.suse.com/1051222 SUSE Bug 1051222 https://bugzilla.suse.com/1107874 SUSE Bug 1107874 The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. CVE-2017-9022 openSUSE Tumbleweed:strongswan-5.9.0-1.9 openSUSE Tumbleweed:strongswan-doc-5.9.0-1.9 openSUSE Tumbleweed:strongswan-hmac-5.9.0-1.9 openSUSE Tumbleweed:strongswan-ipsec-5.9.0-1.9 openSUSE Tumbleweed:strongswan-libs0-5.9.0-1.9 openSUSE Tumbleweed:strongswan-mysql-5.9.0-1.9 openSUSE Tumbleweed:strongswan-nm-5.9.0-1.9 openSUSE Tumbleweed:strongswan-sqlite-5.9.0-1.9 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9022.html CVE-2017-9022 https://bugzilla.suse.com/1039514 SUSE Bug 1039514 The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. CVE-2017-9023 openSUSE Tumbleweed:strongswan-5.9.0-1.9 openSUSE Tumbleweed:strongswan-doc-5.9.0-1.9 openSUSE Tumbleweed:strongswan-hmac-5.9.0-1.9 openSUSE Tumbleweed:strongswan-ipsec-5.9.0-1.9 openSUSE Tumbleweed:strongswan-libs0-5.9.0-1.9 openSUSE Tumbleweed:strongswan-mysql-5.9.0-1.9 openSUSE Tumbleweed:strongswan-nm-5.9.0-1.9 openSUSE Tumbleweed:strongswan-sqlite-5.9.0-1.9 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9023.html CVE-2017-9023 https://bugzilla.suse.com/1039515 SUSE Bug 1039515 strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. CVE-2018-10811 openSUSE Tumbleweed:strongswan-5.9.0-1.9 openSUSE Tumbleweed:strongswan-doc-5.9.0-1.9 openSUSE Tumbleweed:strongswan-hmac-5.9.0-1.9 openSUSE Tumbleweed:strongswan-ipsec-5.9.0-1.9 openSUSE Tumbleweed:strongswan-libs0-5.9.0-1.9 openSUSE Tumbleweed:strongswan-mysql-5.9.0-1.9 openSUSE Tumbleweed:strongswan-nm-5.9.0-1.9 openSUSE Tumbleweed:strongswan-sqlite-5.9.0-1.9 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-10811.html CVE-2018-10811 https://bugzilla.suse.com/1093536 SUSE Bug 1093536 The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. CVE-2018-17540 openSUSE Tumbleweed:strongswan-5.9.0-1.9 openSUSE Tumbleweed:strongswan-doc-5.9.0-1.9 openSUSE Tumbleweed:strongswan-hmac-5.9.0-1.9 openSUSE Tumbleweed:strongswan-ipsec-5.9.0-1.9 openSUSE Tumbleweed:strongswan-libs0-5.9.0-1.9 openSUSE Tumbleweed:strongswan-mysql-5.9.0-1.9 openSUSE Tumbleweed:strongswan-nm-5.9.0-1.9 openSUSE Tumbleweed:strongswan-sqlite-5.9.0-1.9 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-17540.html CVE-2018-17540 https://bugzilla.suse.com/1107874 SUSE Bug 1107874 https://bugzilla.suse.com/1109845 SUSE Bug 1109845 In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. CVE-2018-5388 openSUSE Tumbleweed:strongswan-5.9.0-1.9 openSUSE Tumbleweed:strongswan-doc-5.9.0-1.9 openSUSE Tumbleweed:strongswan-hmac-5.9.0-1.9 openSUSE Tumbleweed:strongswan-ipsec-5.9.0-1.9 openSUSE Tumbleweed:strongswan-libs0-5.9.0-1.9 openSUSE Tumbleweed:strongswan-mysql-5.9.0-1.9 openSUSE Tumbleweed:strongswan-nm-5.9.0-1.9 openSUSE Tumbleweed:strongswan-sqlite-5.9.0-1.9 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5388.html CVE-2018-5388 https://bugzilla.suse.com/1094462 SUSE Bug 1094462 https://bugzilla.suse.com/1101792 SUSE Bug 1101792 The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. CVE-2018-6459 openSUSE Tumbleweed:strongswan-5.9.0-1.9 openSUSE Tumbleweed:strongswan-doc-5.9.0-1.9 openSUSE Tumbleweed:strongswan-hmac-5.9.0-1.9 openSUSE Tumbleweed:strongswan-ipsec-5.9.0-1.9 openSUSE Tumbleweed:strongswan-libs0-5.9.0-1.9 openSUSE Tumbleweed:strongswan-mysql-5.9.0-1.9 openSUSE Tumbleweed:strongswan-nm-5.9.0-1.9 openSUSE Tumbleweed:strongswan-sqlite-5.9.0-1.9 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-6459.html CVE-2018-6459 https://bugzilla.suse.com/1079548 SUSE Bug 1079548