From: Michael Tremer Date: Mon, 19 Feb 2018 23:44:57 +0000 (+0000) Subject: strongswan: Update to 5.6.2 X-Git-Tag: v2.19-core120~86 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ea3b9a4f8837242222115601487259181f79df9d;p=people%2Fstevee%2Fipfire-2.x.git strongswan: Update to 5.6.2 Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation. One of the configurable parameters in algorithm identifier structures for RSASSA-PSS signatures is the mask generation function (MGF). Only MGF1 is currently specified for this purpose. However, this in turn takes itself a parameter that specifies the underlying hash function. strongSwan's parser did not correctly handle the case of this parameter being absent, causing an undefined data read. This vulnerability has been registered as CVE-2018-6459. Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/core/119/filelists/strongswan b/config/rootfiles/core/119/filelists/strongswan new file mode 120000 index 0000000000..90c727e265 --- /dev/null +++ b/config/rootfiles/core/119/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file diff --git a/config/rootfiles/core/119/update.sh b/config/rootfiles/core/119/update.sh index 1231a4941b..fdca22bc56 100644 --- a/config/rootfiles/core/119/update.sh +++ b/config/rootfiles/core/119/update.sh @@ -32,6 +32,7 @@ for (( i=1; i<=$core; i++ )); do done # Stop services +ipsec stop # Remove old files rm -vf \ diff --git a/lfs/strongswan b/lfs/strongswan index f012492d03..58f8c5e9b2 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@ include Config -VER = 5.6.1 +VER = 5.6.2 THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = cb2241f1b96c524cd15b1c0f50ed9a27 +$(DL_FILE)_MD5 = 46aa3aa18fbc4bd528f9a0345ce79913 install : $(TARGET)