FreeBSD Bugzilla – Attachment 193863 Details for
Bug 228631
security/strongswan: Update to 5.6.3 (Fixes DOS Security Vulnerabilities)
[patch]
VuXML Database update to list the vulnerabilities
vuxml.diff (text/plain), 2.13 KB, created by
Francois ten Krooden
on 2018-05-31 10:19:27 UTC
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 471184) >+++ security/vuxml/vuln.xml (working copy) 
>@@ -58,6 +58,43 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="7fc3e827-64a5-11e8-aedb-00224d821998"> >+ <topic>strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)</topic> >+ <affects> >+ <package> >+ <name>strongswan</name> >+ <range><lt>5.6.3</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>strongSwan security team reports:</p> >+ <blockquote cite="https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html"> >+ <ul><li>A denial-of-service vulnerability in the IKEv2 key derivation was fixed >+ if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as >+ PRF (which is not FIPS-compliant). So this should only affect very specific setups, >+ but in such configurations all strongSwan versions since 5.0.1 may be affected.</li> >+ <li>A denial-of-service vulnerability in the stroke plugin was fixed. >+ When reading a message from the socket the plugin did not check the received length. >+ Unless a group is configured, root privileges are required to access that socket, >+ so in the default configuration this shouldn't be an issue, but all strongSwan versions may be affected. >+ </li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html</url> >+ <cvename>CVE-2018-10811</cvename> >+ <url>https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html</url> >+ <cvename>CVE-2018-5388</cvename> >+ </references> >+ <dates> >+ <discovery>2018-05-16</discovery> >+ <entry>2018-05-31</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="427b0f58-644c-11e8-9e1b-e8e0b747a45a"> > <topic>chromium -- multiple vulnerabilities</topic> > <affects>
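Review bot: The <topic> of the new entry reads like a commit summary rather than a vulnerability title: "Fix Denial-of-Service Vulnerability strongSwan" describes the fix and repeats the package name after the "strongswan --" prefix. The neighbouring chromium entry uses the plain "name -- short description" form, so something like "strongswan -- denial-of-service vulnerabilities" would match it, with the CVE ids left to the <cvename> elements that are already present. Two smaller points on the same hunk: the quoted text says the IKEv2 issue affects versions since 5.0.1 while the stroke issue may affect all versions, so the single <lt>5.6.3</lt> range with no lower bound is consistent only because both CVEs share one entry, which is worth stating in the bug or commit message; and the header comment in the context lines reminds about port variants, so please confirm that `strongswan` is the only package name that needs to appear under <affects>.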