From: Tobias Brunner Date: Mon, 1 Oct 2018 08:26:08 +0000 (+0200) Subject: NEWS: Add info about CVE-2018-17540 X-Git-Tag: 5.7.1~1 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=291c1acd4b78e4aa91b773d4dd633bb953d2e043;p=thirdparty%2Fstrongswan.git NEWS: Add info about CVE-2018-17540 --- diff --git a/NEWS b/NEWS index 81c76e070d..18bf7e3dbe 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,13 @@ +strongswan-5.7.1 +---------------- + +- Fixes a vulnerability in the gmp plugin triggered by crafted certificates with + RSA keys with very small moduli. When verifying signatures with such keys, + the code patched with the fix for CVE-2018-16151/2 caused an integer underflow + and subsequent heap buffer overflow that results in a crash of the daemon. + The vulnerability has been registered as CVE-2018-17540. + + strongswan-5.7.0 ----------------
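Review bot: The new strongswan-5.7.1 entry identifies the vulnerable code only as "the code patched with the fix for CVE-2018-16151/2" and never names the affected releases, so a reader of NEWS cannot tell whether a given build is exposed. Consider stating explicitly which versions carry that patch, including older releases that had the fix backported, if any. The phrase "very small moduli" is also vague for anyone writing a detection or triage rule. Giving the size bound, or saying that such keys are now rejected before signature verification, would make the entry actionable. Finally, the text says the overflow "results in a crash of the daemon" but not whether the crafted certificate is processed before the peer is authenticated. One added sentence on that would let operators judge whether this is reachable by an unauthenticated peer and set patch priority accordingly.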