author Tobias Brunner <tobias@strongswan.org> 2014-12-18 16:15:03 +0100
committer Andreas Steffen <andreas.steffen@strongswan.org> 2014-12-23 15:40:01 +0100
commit 919449a3f1f9218c18d6e8bda936a03768b98510
tree cbdec265a4b28ac2321658f4acb9d5805e8b7a15 /NEWS
parent 691d00f1662d6195cb35f02742fb4d4b4aa589ea
NEWS: Added info about CVE-2014-9221
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 8
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index f757dd48d..1bce48d69 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,14 @@
strongswan-5.2.2
----------------
+- Fixed a denial-of-service vulnerability triggered by an IKEv2 Key Exchange
+ payload that contains the Diffie-Hellman group 1025. This identifier was
+ used internally for DH groups with custom generator and prime. Because
+ these arguments are missing when creating DH objects based on the KE payload
+ an invalid pointer dereference occurred. This allowed an attacker to crash
+ the IKE daemon with a single IKE_SA_INIT message containing such a KE
+ payload. The vulnerability has been registered as CVE-2014-9221.
+
- The left/rightid options in ipsec.conf, or any other identity in strongSwan,
now accept prefixes to enforce an explicit type, such as email: or fqdn:.
Note that no conversion is done for the remaining string, refer to
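Review bot: The new entry at the top of the strongswan-5.2.2 section names the trigger (Diffie-Hellman group 1025 in an IKEv2 KE payload) and the impact, but not which releases are affected or what the daemon does with such a payload after the fix. Operators reading NEWS to judge upgrade urgency need both, so consider adding a sentence giving the affected version range and the new behaviour. Because the text says a single IKE_SA_INIT message is enough to crash the daemon, it would also help to state explicitly that the peer does not need to authenticate first. Minor style point: a comma is missing after "based on the KE payload".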