From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 19 Feb 2018 09:37:04 +0000 (+0100)
Subject: NEWS: Add info about CVE-2018-6459
X-Git-Tag: 5.6.2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b640afdb2ebf4d47b23616148acbef67b72c1d0e;p=thirdparty%2Fstrongswan.git

NEWS: Add info about CVE-2018-6459
---

diff --git a/NEWS b/NEWS
index 667532c295..6a0ae7c4af 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,15 @@
 strongswan-5.6.2
 ----------------
 
+- Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
+  was caused by insufficient input validation.  One of the configurable
+  parameters in algorithm identifier structures for RSASSA-PSS signatures is the
+  mask generation function (MGF).  Only MGF1 is currently specified for this
+  purpose.  However, this in turn takes itself a parameter that specifies the
+  underlying hash function.  strongSwan's parser did not correctly handle the
+  case of this parameter being absent, causing an undefined data read.
+  This vulnerability has been registered as CVE-2018-6459.
+
 - The previously negotiated DH group is reused when rekeying an SA, instead of
   using the first group in the configured proposals, which avoids an additional
   exchange if the peer selected a different group via INVALID_KE_PAYLOAD when