You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa strongswan

Sigurnosni nedostatak programskog paketa strongswan

by Marina Dimic Vugec - 0

==========================================================================
Ubuntu Security Notice USN-3774-1
October 01, 2018

strongswan vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

strongSwan could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
– strongswan: IPsec VPN solution

Details:

It was discovered that strongSwan incorrectly handled signature validation
in the gmp plugin. A remote attacker could use this issue to cause
strongSwan to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libstrongswan 5.6.2-1ubuntu2.3
strongswan 5.6.2-1ubuntu2.3

Ubuntu 16.04 LTS:
libstrongswan 5.3.5-1ubuntu3.8
strongswan 5.3.5-1ubuntu3.8

Ubuntu 14.04 LTS:
libstrongswan 5.1.2-0ubuntu2.11
strongswan 5.1.2-0ubuntu2.11

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3774-1
CVE-2018-17540

Package Information:
https://launchpad.net/ubuntu/+source/strongswan/5.6.2-1ubuntu2.3
https://launchpad.net/ubuntu/+source/strongswan/5.3.5-1ubuntu3.8
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu2.11

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAluyZhoACgkQZWnYVadE
vpM7uQ/+ObWVu9T5cLXlaJADMoM/vtFh93+N0LqZffQ1jL68K3RHEdh5lIGXCgi2
wRCRP5vfPkKXTHtw0WjoOTGQGyHqOmPxnhDm93htDztg/FbiWayeBdYPUHbRQveA
rSqrAl7fvWNV4L91oS8eGJFMbKSq83AgRt1KhyWksq6X5cwuPF88aL19HXUNkDp9
BstU+UopEQs9o9XfLZxVk7CikNl2HOvPKpHw/sZUThGT0nnxhR/rsUfuommcma6q
YfvJUTHfT5G5+FObXc/to50vU6B2Hy1hTT5u2OFg0I9mj0wT1QeEdYlmQt3VDbxG
HKIcx4btlmrSXgslrwcNqZNF8KedO+hylxGke86lzt7vmvqhuwRtEhW65rxl6vfm
Js0ijChCZzi//9P3MpbMXa1waPvdrdh/EghFXmNjvT9h67wZgID0JBYd6nsXkA4h
Xv3R72DXD0JIOlUFQIR5fmQd2s8L44K5ESs9eXHOKUaP0nCKq1KIHzJ5g4Qw8BLi
DEyOYVvd13K1aCHGiBC7eTWHAYpVQ58iwP9HEspM87f4jisrfWYcV7qiPivs2dAx
5BeWugK6CzhGb9e5aosZvRy6MTN68Cnk67/j7Z+w3QfScpn0AUnP/fQzwKp7BEpu
1EyhpSMfZ08e/VI7Woo2OlOwBDTBihauJHGB6LbOIumXmdg2vlY=
=Ab+9
—–END PGP SIGNATURE—–

Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ceph-iscsi-cli

Otkriven je sigurnosni nedostatak u programskom paketu ceph-iscsi-cli za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuje izvršavanje proizvoljnog programskog...

Close