"A denial-of-service vulnerability in the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF was discovered. All strongSwan versions since 5.0.1 may be affected."

Note: I cannot access strongswan.org sites at the moment to take a look at original advisories.

* https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html
* https://www.strongswan.org/blog/2018/05/28/strongswan-5.6.3-released.html

Gentoo Security Scout Vladimir Krstulja

Reproducible: Always
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201811-16 at https://security.gentoo.org/glsa/201811-16 by GLSA coordinator Aaron Bauman (b-man).