Bug 226043 - [maintainer-update] security/strongswan: Update to 5.6.2 [CVE-2018-6459]
Summary: [maintainer-update] security/strongswan: Update to 5.6.2 [CVE-2018-6459]
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Renato Botelho
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-19 12:58 UTC by Francois ten Krooden
Modified: 2018-03-05 16:20 UTC
CC: 2 users

See Also:
Flags: strongswan: maintainer-feedback+


Attachments
Update strongswan to 5.6.2 (4.22 KB, patch)
2018-02-19 12:58 UTC, Francois ten Krooden
Flags: strongswan: maintainer-approval+
Update vulnerability database. (1.88 KB, patch)
2018-02-19 12:59 UTC, Francois ten Krooden
Flags: none

Description Francois ten Krooden 2018-02-19 12:58:30 UTC
Created attachment 190795
Update strongswan to 5.6.2

Update strongswan to 5.6.2 to fix vulnerability CVE-2018-6459.

https://github.com/strongswan/strongswan/blob/master/NEWS

Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
was caused by insufficient input validation.  One of the configurable
parameters in algorithm identifier structures for RSASSA-PSS signatures is the
mask generation function (MGF).  Only MGF1 is currently specified for this
purpose.  However, this in turn takes itself a parameter that specifies the
underlying hash function.  strongSwan's parser did not correctly handle the
case of this parameter being absent, causing an undefined data read.
This vulnerability has been registered as CVE-2018-6459.


Bug 220488 is also fixed as part of this patch.
(https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220488)
Comment 1 Francois ten Krooden 2018-02-19 12:59:02 UTC
Created attachment 190796 [details]
Update vulnerability database.
Comment 2 Walter Schwarzenfeld freebsd_triage 2018-02-28 17:40:28 UTC
Please, would you include this small change #220488?
Comment 3 Walter Schwarzenfeld freebsd_triage 2018-02-28 17:40:54 UTC
bug #220488.
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-03-01 13:49:35 UTC
A commit references this bug:

Author: garga
Date: Thu Mar  1 13:49:00 UTC 2018
New revision: 463322
URL: https://svnweb.freebsd.org/changeset/ports/463322

Log:
  Document strongswan vulnerability

  PR:		226043
  Submitted by:	strongswan@Nanoteq.com
  Security:	CVE-2018-6459
  Sponsored by:	Rubicon Communications, LLC (Netgate)

Changes:
  head/security/vuxml/vuln.xml
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-03-01 13:53:42 UTC
A commit references this bug:

Author: garga
Date: Thu Mar  1 13:53:16 UTC 2018
New revision: 463323
URL: https://svnweb.freebsd.org/changeset/ports/463323

Log:
  - Update security/strongswan to 5.6.2 [1]
  - Enable CURL option by default [2]

  PR:		226043 [1], 220488 [2]
  Submitted by:	strongswan@Nanoteq.com (maintainer) [1]
  		karl@denninger.net [2]
  Approved by:	maintainer [2]
  MFH:		2018Q1
  Security:	CVE-2018-6459
  Sponsored by:	Rubicon Communications, LLC (Netgate)

Changes:
  head/security/strongswan/Makefile
  head/security/strongswan/distinfo
  head/security/strongswan/pkg-plist
Comment 6 commit-hook freebsd_committer freebsd_triage 2018-03-05 11:39:43 UTC
A commit references this bug:

Author: garga
Date: Mon Mar  5 11:39:16 UTC 2018
New revision: 463645
URL: https://svnweb.freebsd.org/changeset/ports/463645

Log:
  MFH: r463323

  - Update security/strongswan to 5.6.2 [1]
  - Enable CURL option by default [2]

  PR:		226043 [1], 220488 [2]
  Submitted by:	strongswan@Nanoteq.com (maintainer) [1]
  		karl@denninger.net [2]
  Approved by:	maintainer [2]
  Security:	CVE-2018-6459
  Sponsored by:	Rubicon Communications, LLC (Netgate)
  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q1/
  branches/2018Q1/security/strongswan/Makefile
  branches/2018Q1/security/strongswan/distinfo
  branches/2018Q1/security/strongswan/pkg-plist