NEWS: Add info about CVE-2023-26463

author Tobias Brunner <tobias@strongswan.org>

Fri, 24 Feb 2023 15:07:38 +0000 (16:07 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Thu, 2 Mar 2023 08:39:52 +0000 (09:39 +0100)
author Tobias Brunner <tobias@strongswan.org>
Fri, 24 Feb 2023 15:07:38 +0000 (16:07 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 2 Mar 2023 08:39:52 +0000 (09:39 +0100)
diff --git a/NEWS b/NEWS

index 99451803352a882a30c5add5bf09d8b84574e289..1a87c3c6a5fe5170b89cfc718d724372c32fe54b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
  strongswan-5.9.10
  -----------------
  
+- Fixed a vulnerability related to certificate verification in TLS-based EAP
+  methods that leads to an authentication bypass followed by an expired pointer
+  dereference that results in a denial of service and possibly even remote code
+  execution.
+  This vulnerability has been registered as CVE-2023-26463.
+
  - Added support for full packet hardware offload for IPsec SAs and policies with
    Linux 6.2 kernels to the kernel-netlink plugin.
author	Tobias Brunner <tobias@strongswan.org>
	Fri, 24 Feb 2023 15:07:38 +0000 (16:07 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Thu, 2 Mar 2023 08:39:52 +0000 (09:39 +0100)