Bug 228631 - security/strongswan: Update to 5.6.3 (Fixes DOS Security Vulnerabilities)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2018-05-31 10:18 UTC by Francois ten Krooden
Modified: 2018-06-03 12:08 UTC
strongswan: maintainer-feedback+


Attachments
strongSwan 5.6.3 Update Diff (2.50 KB, patch)
2018-05-31 10:18 UTC, Francois ten Krooden
strongswan: maintainer-approval+
VuXML Database update to list the vulnerabilities (2.13 KB, patch)
2018-05-31 10:19 UTC, Francois ten Krooden
no flags

Description Francois ten Krooden 2018-05-31 10:18:50 UTC
Created attachment 193862
strongSwan 5.6.3 Update Diff

Updated to strongSwan 5.6.3
Fixes:
 - Denial-of-Service Vulnerability in the IKEv2 key derivation (CVE-2018-10811)
 - Denial-of-Service Vulnerability in the stroke plugin (CVE-2018-5388)
 - Crash on FreeBSD that was present in 5.6.2
 - The kernel-pfkey plugin optionally installs routes via internal interface (one with an IP in the local traffic selector). On FreeBSD, enabling this selects the correct source IP when sending packets from the gateway itself.


Note:
The previous patch file that was added to fix the crash in 5.6.2 (files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c) is now removed from the update.
Comment 1 Francois ten Krooden 2018-05-31 10:19:27 UTC
Created attachment 193863
VuXML Database update to list the vulnerabilities
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-05-31 12:40:18 UTC
A commit references this bug:

Author: krion
Date: Thu May 31 12:39:52 UTC 2018
New revision: 471205
URL: https://svnweb.freebsd.org/changeset/ports/471205

Log:
  Update to 5.6.3

  Fixes:
   - Denial-of-Service Vulnerability in the IKEv2 key derivation
     (CVE-2018-10811)
   - Denial-of-Service Vulnerability in the stroke plugin
     (CVE-2018-5388)
   - Crash on FreeBSD that was present in 5.6.2
   - The kernel-pfkey plugin optionally installs routes via internal
     interface (one with an IP in the local traffic selector). On
     FreeBSD, enabling this selects the correct source IP when sending
     packets from the gateway itself.

  PR:		228631
  Submitted by:	maintainer

Changes:
  head/security/strongswan/Makefile
  head/security/strongswan/distinfo
  head/security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-05-31 12:42:23 UTC
A commit references this bug:

Author: krion
Date: Thu May 31 12:42:05 UTC 2018
New revision: 471206
URL: https://svnweb.freebsd.org/changeset/ports/471206

Log:
  Document security/strongswan multiple vulnerabilities
  (CVE-2018-10811, CVE-2018-5388)

  PR:		228631
  Submitted by:	strongswan@Nanoteq.com

Changes:
  head/security/vuxml/vuln.xml
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-06-03 12:08:44 UTC
A commit references this bug:

Author: krion
Date: Sun Jun  3 12:07:42 UTC 2018
New revision: 471490
URL: https://svnweb.freebsd.org/changeset/ports/471490

Log:
  MFH: r471205

  Update to 5.6.3

  Fixes:
   - Denial-of-Service Vulnerability in the IKEv2 key derivation
     (CVE-2018-10811)
   - Denial-of-Service Vulnerability in the stroke plugin
     (CVE-2018-5388)
   - Crash on FreeBSD that was present in 5.6.2
   - The kernel-pfkey plugin optionally installs routes via internal
     interface (one with an IP in the local traffic selector). On
     FreeBSD, enabling this selects the correct source IP when sending
     packets from the gateway itself.

  PR:		228631
  Submitted by:	maintainer

  Approved by:	ports-secteam

Changes:
_U  branches/2018Q2/
  branches/2018Q2/security/strongswan/Makefile
  branches/2018Q2/security/strongswan/distinfo
  branches/2018Q2/security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c