Overview
Request 233823 accepted
- Applied fix for DoS vulnerability by a crafted ID_DER_ASN1_DN ID
payload caused by a NULL-pointer dereference when such identities
are parsed (bnc#876449, CVE-2014-2891).
[+0004-strongswan-4.3.3-5.1.1_asn1_unwrap-CVE-2014-2891.patch]
- Applied fix for a authentication bypass vulnerability in the
strongSwan IKEv2 code. The bug can be triggered by rekeying an
unestablished IKE_SA while it gets actively initiated allowing
an attacker to trick a peer's IKE_SA state to established.
IKEv1 is not not affected. (CVE-2014-2338, bnc#870572).
[+0003-strongswan-CVE-2014-2338-5.x.patch]
- Created by mtomaschewski
- In state accepted
Request History
mtomaschewski created request
- Applied fix for DoS vulnerability by a crafted ID_DER_ASN1_DN ID
payload caused by a NULL-pointer dereference when such identities
are parsed (bnc#876449, CVE-2014-2891).
[+0004-strongswan-4.3.3-5.1.1_asn1_unwrap-CVE-2014-2891.patch]
- Applied fix for a authentication bypass vulnerability in the
strongSwan IKEv2 code. The bug can be triggered by rekeying an
unestablished IKE_SA while it gets actively initiated allowing
an attacker to trick a peer's IKE_SA state to established.
IKEv1 is not not affected. (CVE-2014-2338, bnc#870572).
[+0003-strongswan-CVE-2014-2338-5.x.patch]
jsegitz accepted request
ok