(-)vuln.xml (+33 lines)
Lines 58-63 Link Here
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59
-->
59
-->
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
61
  <vuln vid="6a449a37-1570-11e8-8e00-000c294a5758">
62
    <topic>strongswan - Insufficient input validation in RSASSA-PSS signature parser</topic>
63
    <affects>
64
      <package>
65
	<name>strongswan</name>
66
	<range><eq>5.6.1</eq></range>
67
      </package>
68
    </affects>
69
    <description>
70
      <body xmlns="http://www.w3.org/1999/xhtml">
71
	<p>Strongswan Release Notes reports:</p>
72
	<blockquote cite="https://github.com/strongswan/strongswan/blob/master/NEWS">
73
	  <p>Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
74
             was caused by insufficient input validation.  One of the configurable
75
             parameters in algorithm identifier structures for RSASSA-PSS signatures is the
76
             mask generation function (MGF).  Only MGF1 is currently specified for this
77
             purpose.  However, this in turn takes itself a parameter that specifies the
78
             underlying hash function.  strongSwan's parser did not correctly handle the
79
             case of this parameter being absent, causing an undefined data read.
80
             his vulnerability has been registered as CVE-2018-6459.</p>
81
	</blockquote>
82
      </body>
83
    </description>
84
    <references>
85
      <cvename>CVE-2018-6459</cvename>
86
      <url>https://github.com/strongswan/strongswan/commit/40da179f28b768ffcf6ff7e2f68675eb44806668</url>
87
    </references>
88
    <dates>
89
      <discovery>2018-01-31</discovery>
90
      <entry>2018-02-19</entry>
91
    </dates>
92
  </vuln>
93
61
  <vuln vid="a183acb5-1414-11e8-9542-002590acae31">
94
  <vuln vid="a183acb5-1414-11e8-9542-002590acae31">
62
    <topic>p5-Mojolicious -- cookie-handling vulnerability</topic>
95
    <topic>p5-Mojolicious -- cookie-handling vulnerability</topic>
63
    <affects>
96
    <affects>
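
Review bot: The quoted release note at new line 80 has lost its first letter ("his vulnerability has been registered as CVE-2018-6459"); restore it to "This vulnerability ..." so the blockquote matches the NEWS text it cites. The topic at new line 62 uses a single hyphen ("strongswan - Insufficient input validation ...") where the neighbouring entry uses the "name -- description" form ("p5-Mojolicious -- cookie-handling vulnerability"); use the double hyphen for consistency. The continuation lines of the paragraph (new lines 74-80) are indented with spaces while the surrounding elements are tab-indented, so re-indent them to match. The quoted text does not say which releases are affected, so it would help to state in the bug where the `<eq>5.6.1</eq>` range comes from, and to check whether any strongswan port variants need to be listed, as the comment at the top of the file reminds.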

Return to bug 226043