From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 24 May 2018 13:52:06 +0000 (+0200)
Subject: NEWS: Add info about CVE-2018-10811
X-Git-Tag: 5.6.3~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64f7fd92c07ca500095238367b457a12e0495a3e;p=thirdparty%2Fstrongswan.git

NEWS: Add info about CVE-2018-10811
---

diff --git a/NEWS b/NEWS
index 18f28b81c0..c136008b01 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,11 @@
 strongswan-5.6.3
 ----------------
 
-- Fixes a vulnerability in the stroke plugin, which did not check the received
+- Fixed a DoS vulnerability in the IKEv2 key derivation if the openssl plugin is
+  used in FIPS mode and HMAC-MD5 is negotiated as PRF.
+  This vulnerability has been registered as CVE-2018-10811.
+
+- Fixed a vulnerability in the stroke plugin, which did not check the received
   length before reading a message from the socket. Unless a group is configured,
   root privileges are required to access that socket, so in the default
   configuration this shouldn't be an issue.