Bug 226043

Summary: [maintainer-update] security/strongswan: Update to 5.6.2 [CVE-2018-6459]
Product: Ports & Packages    Reporter: Francois ten Krooden <strongswan>
Component: Individual Port(s)    Assignee: Renato Botelho <garga>
Status: Closed FIXED
Severity: Affects Some People    CC: garga, w.schwarzenfeld
Priority: ---    Flags: strongswan: maintainer-feedback+
Version: Latest
Hardware: Any
OS: Any
Attachments:
  Update strongswan to 5.6.2 (flags: strongswan: maintainer-approval+)
  Update vulnerability database. (flags: none)

Description Francois ten Krooden 2018-02-19 12:58:30 UTC
Created attachment 190795 [details]
Update strongswan to 5.6.2

Update strongswan to 5.6.2 to fix vulnerability CVE-2018-6459.

https://github.com/strongswan/strongswan/blob/master/NEWS

Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
was caused by insufficient input validation.  One of the configurable
parameters in algorithm identifier structures for RSASSA-PSS signatures is the
mask generation function (MGF).  Only MGF1 is currently specified for this
purpose.  However, this in turn takes itself a parameter that specifies the
underlying hash function.  strongSwan's parser did not correctly handle the
case of this parameter being absent, causing an undefined data read.
This vulnerability has been registered as CVE-2018-6459.


Bug 220488 is also fixed as part of this patch.
(https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220488)
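The parsing failure the NEWS excerpt above describes, as an added example that is not strongSwan's code and does not reproduce its fix: a minimal, bounds-checked DER parser for RSASSA-PSS-params (RFC 4055 section 3.1, RFC 8017 Appendix A.2.3). It applies the specification's DEFAULT values for the four outer fields, and because RFC 4055 gives MGF1's own parameter (the hash AlgorithmIdentifier) no default, it treats an MGF1 identifier with that parameter absent as a parse error instead of reading data the structure never contained. The function names, the reject-on-absent policy and the sample encodings are this example's own choices; the samples are constructed with the small encoder at the bottom, not captured from real traffic.

```python
"""Minimal DER parser for RSASSA-PSS-params (RFC 4055 / RFC 8017 A.2.3).
Added example, not strongSwan code: shows defensive handling of an MGF1
AlgorithmIdentifier whose hash-algorithm parameter is absent."""
from dataclasses import dataclass

# Well-known OIDs in dotted form (RFC 3279 / RFC 4055).
OID_SHA1 = "1.3.14.3.2.26"
OID_SHA256 = "2.16.840.1.101.3.4.2.1"
OID_MGF1 = "1.2.840.113549.1.1.8"


class DerError(ValueError):
    """Any malformed or truncated input; the parser never reads past the buffer."""


def read_tlv(buf: bytes, pos: int):
    """Read one tag-length-value at buf[pos]; return (tag, value, next_pos).
    Every length is checked against len(buf) before the value is sliced."""
    if pos + 2 > len(buf):
        raise DerError("truncated: no tag/length")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DerError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise DerError("truncated: value exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value: bytes) -> str:
    """Decode OBJECT IDENTIFIER contents to dotted form."""
    if not value or (value[-1] & 0x80):
        raise DerError("empty or truncated OID")
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not (b & 0x80):
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_int(der: bytes) -> int:
    tag, v, end = read_tlv(der, 0)
    if tag != 0x02 or end != len(der) or not v:
        raise DerError("expected INTEGER")
    return int.from_bytes(v, "big", signed=True)


def parse_algorithm_identifier(der: bytes):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
    Returns (oid, parameters); parameters is None when absent, so every caller
    has to decide explicitly what "absent" means for its algorithm."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise DerError("expected SEQUENCE")
    tag, oid_bytes, pos = read_tlv(body, 0)
    if tag != 0x06:
        raise DerError("expected OBJECT IDENTIFIER")
    return decode_oid(oid_bytes), (body[pos:] if pos < len(body) else None)


def parse_mgf(der: bytes) -> str:
    """Return the hash OID that parameterises MGF1. RFC 4055 gives this
    parameter no DEFAULT, so an absent value is rejected (this example's
    policy) rather than read from memory the structure never contained."""
    oid, params = parse_algorithm_identifier(der)
    if oid != OID_MGF1:
        raise DerError(f"unsupported mask generation function {oid}")
    if params is None:
        raise DerError("MGF1 parameters absent: hash algorithm not specified")
    return parse_algorithm_identifier(params)[0]


@dataclass
class PssParams:
    # DEFAULT values from RFC 4055: SHA-1, MGF1 with SHA-1, salt 20, trailer 1.
    hash_oid: str = OID_SHA1
    mgf_hash_oid: str = OID_SHA1
    salt_length: int = 20
    trailer_field: int = 1


def parse_pss_params(der: bytes) -> PssParams:
    """Parse RSASSA-PSS-params; fields are EXPLICIT [0]..[3], each OPTIONAL."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise DerError("expected SEQUENCE")
    p, pos, last = PssParams(), 0, -1
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        idx = tag & 0x1F
        if (tag & 0xE0) != 0xA0 or idx > 3 or idx <= last:   # [n], ascending
            raise DerError(f"unexpected tag {tag:#x}")
        last = idx
        if idx == 0:
            p.hash_oid = parse_algorithm_identifier(inner)[0]
        elif idx == 1:
            p.mgf_hash_oid = parse_mgf(inner)
        elif idx == 2:
            p.salt_length = decode_int(inner)
        else:
            p.trailer_field = decode_int(inner)
    return p


# --- constructed sample encodings (built here for the example, not captured) ---
def der(tag: int, content: bytes) -> bytes:
    assert len(content) < 128                            # short-form lengths only
    return bytes([tag, len(content)]) + content


def encode_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    out = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk, a = [a & 0x7F], a >> 7
        while a:
            chunk, a = chunk + [0x80 | (a & 0x7F)], a >> 7
        out += bytes(reversed(chunk))
    return der(0x06, out)


SHA256_ID = der(0x30, encode_oid(OID_SHA256))            # parameters absent
GOOD_PARAMS = der(0x30, der(0xA0, SHA256_ID)
                  + der(0xA1, der(0x30, encode_oid(OID_MGF1) + SHA256_ID))
                  + der(0xA2, der(0x02, b"\x20")))       # salt 32, trailer default
# Shape of the input the NEWS entry describes: MGF1 with no hash parameter.
MISSING_MGF_HASH = der(0x30, der(0xA1, der(0x30, encode_oid(OID_MGF1))))

if __name__ == "__main__":
    print(parse_pss_params(GOOD_PARAMS))
    for sample in (MISSING_MGF_HASH, GOOD_PARAMS[:-3]):
        try:
            parse_pss_params(sample)
        except DerError as e:
            print("rejected:", e)
```

The design point is in `parse_algorithm_identifier`: it returns `None` for an absent `parameters` field rather than an empty slice, so the distinction the NEWS entry turns on (parameter present versus absent) is visible to every caller and has to be handled deliberately; a truncated buffer (`GOOD_PARAMS[:-3]`) is caught by the length check in `read_tlv` before any value is sliced.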
Comment 1 Francois ten Krooden 2018-02-19 12:59:02 UTC
Created attachment 190796 [details]
Update vulnerability database.
Comment 2 Walter Schwarzenfeld 2018-02-28 17:40:28 UTC
Please, would you include this small change #220488?
Comment 3 Walter Schwarzenfeld 2018-02-28 17:40:54 UTC
bug #220488.
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-03-01 13:49:35 UTC
A commit references this bug:

Author: garga
Date: Thu Mar  1 13:49:00 UTC 2018
New revision: 463322
URL: https://svnweb.freebsd.org/changeset/ports/463322

Log:
  Document strongswan vulnerability

  PR:		226043
  Submitted by:	strongswan@Nanoteq.com
  Security:	CVE-2018-6459
  Sponsored by:	Rubicon Communications, LLC (Netgate)

Changes:
  head/security/vuxml/vuln.xml
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-03-01 13:53:42 UTC
A commit references this bug:

Author: garga
Date: Thu Mar  1 13:53:16 UTC 2018
New revision: 463323
URL: https://svnweb.freebsd.org/changeset/ports/463323

Log:
  - Update security/strongswan to 5.6.2 [1]
  - Enable CURL option by default [2]

  PR:		226043 [1], 220488 [2]
  Submitted by:	strongswan@Nanoteq.com (maintainer) [1]
  		karl@denninger.net [2]
  Approved by:	maintainer [2]
  MFH:		2018Q1
  Security:	CVE-2018-6459
  Sponsored by:	Rubicon Communications, LLC (Netgate)

Changes:
  head/security/strongswan/Makefile
  head/security/strongswan/distinfo
  head/security/strongswan/pkg-plist
Comment 6 commit-hook freebsd_committer freebsd_triage 2018-03-05 11:39:43 UTC
A commit references this bug:

Author: garga
Date: Mon Mar  5 11:39:16 UTC 2018
New revision: 463645
URL: https://svnweb.freebsd.org/changeset/ports/463645

Log:
  MFH: r463323

  - Update security/strongswan to 5.6.2 [1]
  - Enable CURL option by default [2]

  PR:		226043 [1], 220488 [2]
  Submitted by:	strongswan@Nanoteq.com (maintainer) [1]
  		karl@denninger.net [2]
  Approved by:	maintainer [2]
  Security:	CVE-2018-6459
  Sponsored by:	Rubicon Communications, LLC (Netgate)
  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q1/
  branches/2018Q1/security/strongswan/Makefile
  branches/2018Q1/security/strongswan/distinfo
  branches/2018Q1/security/strongswan/pkg-plist