Attachment 231306 Details for Bug 261462 – vuxml entry for the update

[patch] vuxml entry for the update

strongswan-5.9.5-vuxml.diff (text/plain), 1.42 KB, created by Francois ten Krooden on 2022-01-25 11:03:45 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Francois ten Krooden

Created: 2022-01-25 11:03:45 UTC

Size: 1.42 KB

patch

obsolete

>diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
>index 2fa7d3c2d9fe..945e3b2b08be 100644
>--- a/security/vuxml/vuln-2022.xml
>+++ b/security/vuxml/vuln-2022.xml
>@@ -1,3 +1,29 @@
>+  <vuln vid="ccaea96b-7dcd-11ec-93df-00224d821998">
>+    <topic>strongswan - Incorrect Handling of Early EAP-Success Messages</topic>
>+    <affects>
>+      <package>
>+	<name>strongswan</name>
>+	<range><lt>5.9.5</lt></range>
>+      </package>
>+    </affects>
>+    <description>
>+      <body xmlns="http://www.w3.org/1999/xhtml">
>+	<p>Strongswan Release Notes reports:</p>
>+	<blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.5">
>+	  <p>Fixed a vulnerability in the EAP client implementation that was caused by incorrectly handling early EAP-Success messages. It may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. This vulnerability has been registered as CVE-2021-45079.</p>
>+	</blockquote>
>+      </body>
>+    </description>
>+    <references>
>+      <cvename>CVE-2021-45079</cvename>
>+      <url>https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html</url>
>+    </references>
>+    <dates>
>+      <discovery>2021-12-16</discovery>
>+      <entry>2022-01-25</entry>
>+    </dates>
>+  </vuln>
>+
>   <vuln vid="309c35f4-7c9f-11ec-a739-206a8a720317">
>     <topic>aide -- heap-based buffer overflow</topic>
>     <affects>

Flags:

strongswan: maintainer-approval+

Actions: View | Diff

Attachments on bug 261462: 231305 | 231306