Security update for strongswan
This update for strongswan fixes the following issues:
Security issues fixed:
- CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker
with local user credentials to resource exhaustion and denial of service while
reading from the socket (bsc#1094462).
- CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if
the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF
(bsc#1093536).
- CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which
might lead to authorization bypass (bsc#1107874).
- CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Madhu Mohan Nelemane (mmnelemane)
Fixed bugs
bnc#1094462
VUL-0: CVE-2018-5388: strongswan: buffer underflow in stroke_socket.c
bnc#1093536
VUL-0: CVE-2018-10811: strongswan: denial-of-service vulnerability in strongSwan
bnc#1107874
VUL-0: CVE-2018-16151, CVE-2018-16152: strongswan: several flaws in the gmp plugin that may lead to an authorization bypass vulnerability
bnc#1109845
VUL-0: CVE-2018-17540: strongswan: Insufficient input validation in gmp plugin
