FS#57597 : [strongswan] CVE-2018-6459

FS#57597 - [strongswan] CVE-2018-6459

Attached to Project: Community Packages
Opened by Karol Babioch (kbabioch) - Wednesday, 21 February 2018, 13:57 GMT
Last edited by Christian Rebischke (Shibumi) - Wednesday, 21 February 2018, 14:57 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Christian Rebischke (Shibumi) Levente Polyak (anthraxx)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Christian Rebischke (Shibumi) (2018-02-21)
Private	No

Details

Description:

The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.

References:
https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html

This task depends upon

Closed by Christian Rebischke (Shibumi)
Wednesday, 21 February 2018, 14:57 GMT
Reason for closing: Fixed
Additional comments about closing: fixed with strongswan-5.6.2-1-x86_64.pkg.tar.xz

Comment by Christian Rebischke (Shibumi) - Wednesday, 21 February 2018, 14:45 GMT

strongswan-5.6.2-1-x86_64.pkg.tar.xz will fix this issue..

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#57597 - [strongswan] CVE-2018-6459

Details

Loading...