Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#57597 - [strongswan] CVE-2018-6459
Attached to Project:
Community Packages
Opened by Karol Babioch (kbabioch) - Wednesday, 21 February 2018, 13:57 GMT
Last edited by Christian Rebischke (Shibumi) - Wednesday, 21 February 2018, 14:57 GMT
Opened by Karol Babioch (kbabioch) - Wednesday, 21 February 2018, 13:57 GMT
Last edited by Christian Rebischke (Shibumi) - Wednesday, 21 February 2018, 14:57 GMT
|
DetailsDescription:
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. References: https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html |
This task depends upon
Closed by Christian Rebischke (Shibumi)
Wednesday, 21 February 2018, 14:57 GMT
Reason for closing: Fixed
Additional comments about closing: fixed with strongswan-5.6.2-1-x86_64.pkg.tar.xz
Wednesday, 21 February 2018, 14:57 GMT
Reason for closing: Fixed
Additional comments about closing: fixed with strongswan-5.6.2-1-x86_64.pkg.tar.xz
Comment by Christian Rebischke (Shibumi) -
Wednesday, 21 February 2018, 14:45 GMT
strongswan-5.6.2-1-x86_64.pkg.tar.xz will fix this issue..