From cfd8f205287154f02fc1c37c6a7aee8db086bc5b Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Wed, 23 Aug 2017 20:33:15 +0100 Subject: [PATCH] strongswan: Update to 5.6.0 Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with the operation m^e mod n, where m is the signature, and e and n are the exponent and modulus of the public key. The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the calculation results in 0, in which case mpz_export() returns NULL. This result wasn't handled properly causing a null-pointer dereference. This vulnerability has been registered as CVE-2017-11185. Signed-off-by: Michael Tremer --- strongswan/patches/compile-fix-glibc-2.26.patch | 11 +++++++++++ strongswan/strongswan.nm | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 strongswan/patches/compile-fix-glibc-2.26.patch diff --git a/strongswan/patches/compile-fix-glibc-2.26.patch b/strongswan/patches/compile-fix-glibc-2.26.patch new file mode 100644 index 000000000..a79b2102b --- /dev/null +++ b/strongswan/patches/compile-fix-glibc-2.26.patch @@ -0,0 +1,11 @@ +--- a/src/libstrongswan/utils/utils/memory.h~ 2017-08-23 19:27:47.033658351 +0000 ++++ b/src/libstrongswan/utils/utils/memory.h 2017-08-23 19:28:09.468390261 +0000 +@@ -22,6 +22,8 @@ + #ifndef MEMORY_H_ + #define MEMORY_H_ + ++#include ++ + /** + * Helper function that compares two binary blobs for equality + */ diff --git a/strongswan/strongswan.nm b/strongswan/strongswan.nm index dd7a0a45f..949ebd736 100644 --- a/strongswan/strongswan.nm +++ b/strongswan/strongswan.nm @@ -4,8 +4,8 @@ ############################################################################### name = strongswan -version = 5.5.3 -release = 3 +version = 5.6.0 +release = 1 groups = Networking/VPN url = http://www.strongswan.org/ -- 2.39.2