[USN-3774-1] strongSwan vulnerability


This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–===============7379747128421948135==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol=”application/pgp-signature”;
boundary=”BxE5V3WdTKsIVqvktLXHuRDHgCz24Im0P”

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
–BxE5V3WdTKsIVqvktLXHuRDHgCz24Im0P
Content-Type: multipart/mixed; boundary=”LzdYKeM5mW5jOhHaaZmWKxqYjwgXyxMyt”;
protected-headers=”v1″
From: Marc Deslauriers
Reply-To: Ubuntu Security
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID:
Subject: [USN-3774-1] strongSwan vulnerability

–LzdYKeM5mW5jOhHaaZmWKxqYjwgXyxMyt
Content-Type: text/plain; charset=utf-8
Content-Language: en-CA
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-3774-1
October 01, 2018

strongswan vulnerability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

strongSwan could be made to crash or run programs if it received speciall=
y
crafted network traffic.

Software Description:
– strongswan: IPsec VPN solution

Details:

It was discovered that strongSwan incorrectly handled signature validatio=
n
in the gmp plugin. A remote attacker could use this issue to cause
strongSwan to crash, resulting in a denial of service, or possibly execut=
e
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libstrongswan 5.6.2-1ubuntu2.3
strongswan 5.6.2-1ubuntu2.3

Ubuntu 16.04 LTS:
libstrongswan 5.3.5-1ubuntu3.8
strongswan 5.3.5-1ubuntu3.8

Ubuntu 14.04 LTS:
libstrongswan 5.1.2-0ubuntu2.11
strongswan 5.1.2-0ubuntu2.11

In general, a standard system update will make all the necessary changes.=

References:
https://usn.ubuntu.com/usn/usn-3774-1
CVE-2018-17540

Package Information:
https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.3
https://launchpad.net/ubuntu/+source/strongswan/5.3.5-1ubuntu3.8
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu2.11

–LzdYKeM5mW5jOhHaaZmWKxqYjwgXyxMyt–

–BxE5V3WdTKsIVqvktLXHuRDHgCz24Im0P
Content-Type: application/pgp-signature; name=”signature.asc”
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename=”signature.asc”

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAluyZhoACgkQZWnYVadE
vpM7uQ/+ObWVu9T5cLXlaJADMoM/vtFh93+N0LqZffQ1jL68K3RHEdh5lIGXCgi2
wRCRP5vfPkKXTHtw0WjoOTGQGyHqOmPxnhDm93htDztg/FbiWayeBdYPUHbRQveA
rSqrAl7fvWNV4L91oS8eGJFMbKSq83AgRt1KhyWksq6X5cwuPF88aL19HXUNkDp9
BstU+UopEQs9o9XfLZxVk7CikNl2HOvPKpHw/sZUThGT0nnxhR/rsUfuommcma6q
YfvJUTHfT5G5+FObXc/to50vU6B2Hy1hTT5u2OFg0I9mj0wT1QeEdYlmQt3VDbxG
HKIcx4btlmrSXgslrwcNqZNF8KedO+hylxGke86lzt7vmvqhuwRtEhW65rxl6vfm
Js0ijChCZzi//9P3MpbMXa1waPvdrdh/EghFXmNjvT9h67wZgID0JBYd6nsXkA4h
Xv3R72DXD0JIOlUFQIR5fmQd2s8L44K5ESs9eXHOKUaP0nCKq1KIHzJ5g4Qw8BLi
DEyOYVvd13K1aCHGiBC7eTWHAYpVQ58iwP9HEspM87f4jisrfWYcV7qiPivs2dAx
5BeWugK6CzhGb9e5aosZvRy6MTN68Cnk67/j7Z+w3QfScpn0AUnP/fQzwKp7BEpu
1EyhpSMfZ08e/VI7Woo2OlOwBDTBihauJHGB6LbOIumXmdg2vlY=
=Ab+9
—–END PGP SIGNATURE—–

–BxE5V3WdTKsIVqvktLXHuRDHgCz24Im0P–

–===============7379747128421948135==
Content-Type: text/plain; charset=”utf-8″
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

–===============7379747128421948135==–