author Tobias Brunner <tobias@strongswan.org> 2017-05-26 18:05:48 +0200
committer Andreas Steffen <andreas.steffen@strongswan.org> 2017-05-29 11:05:04 +0200
commit 8622a74292191af784ebaa86b134eaa57a0552c6
tree 136413bdf0cd1d56fc72c15cbaef157f2ceb77f4
parent 38a8ecadb7d9e183d1c869ad0b8f60a12f9d34d4
NEWS: Add info about CVE-2017-9022/23
-rw-r--r-- NEWS 12
1 files changed, 12 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index a049ab607..98aefe7ce 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,18 @@
strongswan-5.5.3
----------------
+- Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient
+ input validation when verifying RSA signatures. More specifically,
+ mpz_powm_sec() has two requirements regarding the passed exponent and modulus
+ that the plugin did not enforce, if these are not met the calculation will
+ result in a floating point exception that crashes the whole process.
+ This vulnerability has been registered as CVE-2017-9022.
+
+- Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1
+ parser didn't handle ASN.1 CHOICE types properly, which could result in an
+ infinite loop when parsing X.509 extensions that use such types.
+ This vulnerability has been registered as CVE-2017-9023.
+
- The behavior during IKEv2 CHILD_SA rekeying has been changed in order to avoid
traffic loss. The responder now only installs the new inbound SA and delays
installing the outbound SA until it receives the DELETE for the replaced
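
Review bot: The CVE-2017-9022 entry says mpz_powm_sec() "has two requirements regarding the passed exponent and modulus" but never names them, so a reader cannot tell from NEWS which key or signature values the gmp plugin now rejects; please state both requirements explicitly. In the same entry, "that the plugin did not enforce, if these are not met" is a comma splice and should be split into two sentences. Both entries would also be more useful to operators if they said which releases are affected and whether the crash or infinite loop can be triggered by an unauthenticated peer, since neither is stated in the added lines.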