diff options
author | Tobias Brunner <tobias@strongswan.org> | 2017-08-08 20:14:00 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-08-14 08:49:33 +0200 |
commit | 7cc4a92d0b3ae028398c2154d63f779ea445dd5b (patch) | |
tree | 4ac0c52768ff3faa6373de53607f4589e021ccf0 | |
parent | ef5c37fcdf47273feea320091598135688df4ef7 (diff) | |
download | strongswan-7cc4a92d0b3ae028398c2154d63f779ea445dd5b.tar.bz2 strongswan-7cc4a92d0b3ae028398c2154d63f779ea445dd5b.tar.xz |
NEWS: Add info about CVE-2017-11185
-rw-r--r-- | NEWS | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -1,6 +1,15 @@ strongswan-5.6.0 ---------------- +- Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient + input validation when verifying RSA signatures, which requires decryption + with the operation m^e mod n, where m is the signature, and e and n are the + exponent and modulus of the public key. The value m is an integer between + 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the + calculation results in 0, in which case mpz_export() returns NULL. This + result wasn't handled properly causing a null-pointer dereference. + This vulnerability has been registered as CVE-2017-11185. + - New SWIMA IMC/IMV pair implements the "draft-ietf-sacm-nea-swima-patnc" Internet Draft and has been demonstrated at the IETF 99 Prague Hackathon. |