UbuntuUpdates.org

Package "strongswan"

Name: strongswan

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • standalone IPsec client
  • strongSwan IPsec client, systemd support
  • strongSwan charon library (extra plugins)
  • strongSwan utility and crypto library (extra plugins)

Latest version: 5.9.5-2ubuntu2.3
Release: jammy (22.04)
Level: security
Repository: universe

Links



Other versions of "strongswan" in Jammy

Repository Area Version
base main 5.9.5-2ubuntu2
base universe 5.9.5-2ubuntu2
security main 5.9.5-2ubuntu2.3
updates universe 5.9.5-2ubuntu2.3
updates main 5.9.5-2ubuntu2.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.9.5-2ubuntu2.3 2024-05-14 13:07:45 UTC

  strongswan (5.9.5-2ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: improper certificate validation
    - debian/patches/CVE-2022-4967.patch: enforce client/server identity
      when looking for public key in src/libtls/tls_peer.c,
      src/libtls/tls_server.c.
    - CVE-2022-4967

 -- Marc Deslauriers <email address hidden> Mon, 13 May 2024 16:16:55 +0200

Source diff to previous version
CVE-2022-4967 strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297).

Version: 5.9.5-2ubuntu2.2 2023-11-20 17:06:58 UTC

  strongswan (5.9.5-2ubuntu2.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow When Handling DH Public Values
    - debian/patches/CVE-2023-41913.patch: Validate DH public key to fix
      potential buffer overflow in
      src/charon-tkm/src/tkm/tkm_diffie_hellman.c.
    - CVE-2023-41913

 -- Marc Deslauriers <email address hidden> Tue, 07 Nov 2023 11:46:10 +0200

Source diff to previous version

Version: 5.9.5-2ubuntu2.1 2022-10-03 18:07:24 UTC

  strongswan (5.9.5-2ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Using Untrusted URIs for Revocation Checking
    - debian/patches/CVE-2022-40617.patch: do online revocation checks only
      after basic trust chain validation in
      src/libstrongswan/credentials/credential_manager.c.
    - CVE-2022-40617

 -- Marc Deslauriers <email address hidden> Tue, 20 Sep 2022 14:07:10 -0400

CVE-2022-40617 RESERVED



About   -   Send Feedback to @ubuntu_updates