NEWS: Add info about CVE-2025-62291

author Tobias Brunner <tobias@strongswan.org>

Fri, 24 Oct 2025 13:22:53 +0000 (15:22 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Mon, 27 Oct 2025 13:02:59 +0000 (14:02 +0100)
author Tobias Brunner <tobias@strongswan.org>
Fri, 24 Oct 2025 13:22:53 +0000 (15:22 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Mon, 27 Oct 2025 13:02:59 +0000 (14:02 +0100)
diff --git a/NEWS b/NEWS

index 916f27901850b8ffaf4df47565ba80690ffd1956..ce3cdd25701b21f488c8bf35642c60032906e239 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
  strongswan-6.0.3
  ----------------
  
+- Fixed a vulnerability in the eap-mschapv2 plugin related to processing Failure
+  Request packets on the client that can lead to a heap-based buffer overflow
+  and potentially remote code execution.
+  This vulnerability has been registered as CVE-2025-62291.
+
  - The new `alert` event for vici is raised for certain error conditions.
  
  - Only plugins with matching version number are loaded by programs.
author	Tobias Brunner <tobias@strongswan.org>
	Fri, 24 Oct 2025 13:22:53 +0000 (15:22 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Mon, 27 Oct 2025 13:02:59 +0000 (14:02 +0100)