ipfire-3.x

History

Michael Tremer cfd8f20528 strongswan: Update to 5.6.0 Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with the operation m^e mod n, where m is the signature, and e and n are the exponent and modulus of the public key. The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the calculation results in 0, in which case mpz_export() returns NULL. This result wasn't handled properly causing a null-pointer dereference. This vulnerability has been registered as CVE-2017-11185. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>	2017-08-23 20:33:15 +01:00
..
compile-fix-glibc-2.26.patch	strongswan: Update to 5.6.0	2017-08-23 20:33:15 +01:00

Michael Tremer cfd8f20528 strongswan: Update to 5.6.0

Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation
when verifying RSA signatures, which requires decryption with the operation m^e mod n,
where m is the signature, and e and n are the exponent and modulus of the public key.
The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this.
So if m equals n the calculation results in 0, in which case mpz_export() returns NULL.
This result wasn't handled properly causing a null-pointer dereference.

This vulnerability has been registered as CVE-2017-11185.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

2017-08-23 20:33:15 +01:00

compile-fix-glibc-2.26.patch

strongswan: Update to 5.6.0

2017-08-23 20:33:15 +01:00