Opened May 31, 2017 by Alicha CH (@alicha, Reporter)

[3.5] strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)

CVE-2017-9022: Insufficient validation of RSA public keys passed to the gmp plugin

RSA public keys passed to the gmp plugin aren’t validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.

Affected versions:

All versions since 4.4.0, up to and including 5.5.2.

Fixed In Version:

strongswan 5.5.3

References:

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html

Patches:

https://download.strongswan.org/security/CVE-2017-9022/

CVE-2017-9023: Incorrect Handling of CHOICE types in ASN.1 parser and x509 plugin

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types.
This could lead to infinite looping of the thread parsing a specifically crafted certificate.

Affected versions:

All strongSwan versions up to and including 5.5.2

Fixed In Version:

strongswan 5.5.3

References:

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html

Patches:

https://download.strongswan.org/security/CVE-2017-9023/

(from redmine: issue id 7348, created on 2017-05-31, closed on 2017-06-15)

  • Relations:
    • parent #7346 (closed)
  • Changesets:
    • Revision 82ccbbff by Natanael Copa on 2017-05-31T14:02:55Z:
      main/strongswan: security upgrade to 5.5.3 (CVE-2017-9022,CVE-2017-9023)

      fixes #7348
Milestone: 3.5.3
Reference: alpine/aports#7348