Security update for strongswan
This update fixes the following security issues:
- denial-of-service vulnerability, which can be triggered by an IKEv2 Key Exchange payload, that
contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221).
- Applied an upstream patch reverting to store algorithms in the
registration order again as ordering them by identifier caused
weaker algorithms to be proposed first by default (bsc#897512).
-
Submitted by
Marius Tomaschewski (mtomaschewski)
Fixed bugs
bnc#897512
strongswan cipher order
bnc#897048
strongswan: fips enforcement breaks openssl+gcrypt support when fips not in use/installed [regression]
bnc#910491
CVE-2014-9221: DoS via payload with DH group 1025
