Closed
Opened May 31, 2017 by Alicha CH (@alicha, Reporter)

strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)

CVE-2017-9022: Insufficient validation of RSA public keys passed to the gmp plugin

RSA public keys passed to the gmp plugin aren’t validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.

Affected versions:

All versions since 4.4.0, up to and including 5.5.2.

Fixed In Version:

strongswan 5.5.3

References:

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html

Patches:

https://download.strongswan.org/security/CVE-2017-9022/

CVE-2017-9023: Incorrect Handling of CHOICE types in ASN.1 parser and x509 plugin

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types.
This could lead to infinite looping of the thread parsing a specifically crafted certificate.

Affected versions:

All strongSwan versions up to and including 5.5.2

Fixed In Version:

strongswan 5.5.3

References:

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html

Patches:

https://download.strongswan.org/security/CVE-2017-9023/

(from redmine: issue id 7346, created on 2017-05-31, closed on 2017-06-15)

  • Relations:
    • child #7347 (closed)
    • child #7348 (closed)
    • child #7349 (closed)
    • child #7350 (closed)
Reference: alpine/aports#7346
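
Added example (not part of the original issue or of strongSwan): a POSIX shell check that maps a strongSwan version string to the CVEs it falls under, using only the affected ranges and the fixed version stated above. The function names are hypothetical, and the check assumes the version alone decides exposure, so a fix backported into a package revision such as "-r1" is not detected.

```shell
#!/bin/sh
# Added example: triage a strongSwan version against the ranges in this issue.
# Assumption: package revisions ("-r0") and pre-release suffixes are ignored.

# ver_num VERSION -> prints major*1000000 + minor*1000 + patch, fails if unparsable
ver_num() {
    v=${1%%-*}            # drop an Alpine-style "-rN" package revision
    v=${v%%[!0-9.]*}      # drop trailing non-numeric suffixes
    case $v in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v             # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# affected_cves VERSION -> prints the matching CVE ids, "none", or "unknown"
affected_cves() {
    n=$(ver_num "$1") || { echo unknown; return 0; }
    fixed=$(ver_num 5.5.3)        # fixed in strongswan 5.5.3
    first_9022=$(ver_num 4.4.0)   # CVE-2017-9022 affects 4.4.0 and later
    out=""
    # CVE-2017-9022: all versions since 4.4.0, up to and including 5.5.2
    if [ "$n" -ge "$first_9022" ] && [ "$n" -lt "$fixed" ]; then
        out="CVE-2017-9022"
    fi
    # CVE-2017-9023: all versions up to and including 5.5.2
    if [ "$n" -lt "$fixed" ]; then
        out="${out:+$out }CVE-2017-9023"
    fi
    echo "${out:-none}"
}

# Constructed sample versions, not taken from the issue or its child tickets.
for sample in 4.3.6 4.4.0 5.5.2-r0 5.5.3-r0; do
    printf '%s: %s\n' "$sample" "$(affected_cves "$sample")"
done
```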