NEWS: Add info about CVE-2018-17540

author Tobias Brunner <tobias@strongswan.org>

Mon, 1 Oct 2018 08:26:08 +0000 (10:26 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Mon, 1 Oct 2018 08:26:08 +0000 (10:26 +0200)
author Tobias Brunner <tobias@strongswan.org>
Mon, 1 Oct 2018 08:26:08 +0000 (10:26 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 1 Oct 2018 08:26:08 +0000 (10:26 +0200)
diff --git a/NEWS b/NEWS

index 81c76e070dc71073cb0a19bd9fb571f363160e8b..18bf7e3dbe5c4c4cce172ce69706adcc44879553 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+strongswan-5.7.1
+----------------
+
+- Fixes a vulnerability in the gmp plugin triggered by crafted certificates with
+  RSA keys with very small moduli.  When verifying signatures with such keys,
+  the code patched with the fix for CVE-2018-16151/2 caused an integer underflow
+  and subsequent heap buffer overflow that results in a crash of the daemon.
+  The vulnerability has been registered as CVE-2018-17540.
+
+
  strongswan-5.7.0
  ----------------
author	Tobias Brunner <tobias@strongswan.org>
	Mon, 1 Oct 2018 08:26:08 +0000 (10:26 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Mon, 1 Oct 2018 08:26:08 +0000 (10:26 +0200)