Bug 221716 - security/strongswan: Update to 5.6.0 (Fix security vulnerability)
Summary: security/strongswan: Update to 5.6.0 (Fix security vulnerability)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Kurt Jaeger
Reported: 2017-08-22 15:37 UTC by Dani
Modified: 2017-08-23 06:16 UTC

strongswan: maintainer-feedback+

patch-to-5.6.0 (1.20 KB, patch)
2017-08-22 21:14 UTC, Kurt Jaeger
pi: maintainer-approval?

Description Dani 2017-08-22 15:37:42 UTC
The current version available for FreeBSD has been vulnerable since 14.08.2017 and has already been patched upstream. The current version contains a DoS-Vuln.

Changelog: https://wiki.strongswan.org/versions/66

Available version: 5.5.3
Patched version: 5.6.0

Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with the operation m^e mod n, where m is the signature, and e and n are the exponent and modulus of the public key. The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the calculation results in 0, in which case mpz_export() returns NULL. This result wasn't handled properly causing a null-pointer dereference.

This vulnerability has been registered as CVE-2017-11185 [1].
Please refer to our blog for details. [2]

[1] https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11185
[2] https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html
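
Added example, not part of the original report and not strongSwan code: a Python model of the m^e mod n step quoted above, showing the unchecked form producing no output buffer when m equals n, next to a form that rejects m outside 0..n-1 and always returns a fixed-length result. The toy key and all function names are constructed for illustration.

```python
import hmac

# Constructed toy key (far too small for real use): n = 61 * 53
N, E, D = 3233, 17, 2753
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def minimal_export(x: int):
    """Model of the export step described above: a zero value yields no
    buffer at all (None here, NULL in the report)."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big") if x else None


def unchecked_public_op(m: int):
    """The 'before' shape: m^e mod n with no range check on m."""
    return minimal_export(pow(m, E, N))


def checked_public_op(m: int) -> bytes:
    """m^e mod n with the range check, and a fixed-length result so that
    a zero result is K zero bytes instead of a missing buffer."""
    if not 0 <= m <= N - 1:
        raise ValueError("signature value out of range [0, n-1]")
    return pow(m, E, N).to_bytes(K, "big")


def verify(signature: bytes, expected_em: bytes) -> bool:
    """Hypothetical raw verify: compare m^e mod n with the expected encoding."""
    if len(signature) != K:
        return False
    try:
        em = checked_public_op(int.from_bytes(signature, "big"))
    except ValueError:
        return False  # out-of-range input is a failed verification, not a crash
    return hmac.compare_digest(em, expected_em)


def sign(em: bytes) -> bytes:
    """Toy private-key operation, only used to build a valid sample."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


if __name__ == "__main__":
    em = (65).to_bytes(K, "big")  # constructed encoded message
    print("valid signature:", verify(sign(em), em))
    print("m == n, unchecked:", unchecked_public_op(N))
    print("m == n, checked:", verify(N.to_bytes(K, "big"), em))
```
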
Comment 1 Kurt Jaeger freebsd_committer 2017-08-22 21:14:22 UTC
Created attachment 185683

Testbuilds are fine on 12a, 11a, 10i
Comment 2 Francois ten Krooden 2017-08-23 05:56:50 UTC
I am happy with the patch added.
It can be applied to the ports tree.

Just as a note, the gmp plugin referenced in the code is not enabled on the FreeBSD build of strongSwan.
Comment 3 commit-hook freebsd_committer 2017-08-23 06:11:07 UTC
A commit references this bug:

Author: pi
Date: Wed Aug 23 06:10:20 UTC 2017
New revision: 448590
URL: https://svnweb.freebsd.org/changeset/ports/448590

  security/strongswan: update 5.5.3 -> 5.6.0

  - the gmp plugin responsible for CVE-2017-11185 is not enabled
    in the FreeBSD build

  PR:		221716
  Relnotes:	https://wiki.strongswan.org/versions/66
  Reported by:	i.dani@outlook.com
  Approved by:	strongswan@nanoteq.com (maintainer)

Comment 4 Kurt Jaeger freebsd_committer 2017-08-23 06:16:17 UTC
Update committed, thanks!