diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2014-12-18 16:15:03 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2014-12-23 15:40:01 +0100 |
| commit | 919449a3f1f9218c18d6e8bda936a03768b98510 (patch) | |
| tree | cbdec265a4b28ac2321658f4acb9d5805e8b7a15 | |
| parent | 691d00f1662d6195cb35f02742fb4d4b4aa589ea (diff) | |
| download | strongswan-919449a3f1f9218c18d6e8bda936a03768b98510.tar.bz2 strongswan-919449a3f1f9218c18d6e8bda936a03768b98510.tar.xz | |
NEWS: Added info about CVE-2014-9221
| -rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -1,6 +1,14 @@ strongswan-5.2.2 ---------------- +- Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange + payload that contains the Diffie-Hellman group 1025. This identifier was + used internally for DH groups with custom generator and prime. Because + these arguments are missing when creating DH objects based on the KE payload + an invalid pointer dereference occurred. This allowed an attacker to crash + the IKE daemon with a single IKE_SA_INIT message containing such a KE + payload. The vulnerability has been registered as CVE-2014-9221. + - The left/rightid options in ipsec.conf, or any other identity in strongSwan, now accept prefixes to enforce an explicit type, such as email: or fqdn:. Note that no conversion is done for the remaining string, refer to |