CVE-2021-41991: The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b2be9c86d3a38312e787a30291c46e30b2da3bb commit 7b2be9c86d3a38312e787a30291c46e30b2da3bb Author: Philipp Rösner <rndxelement@protonmail.com> AuthorDate: 2021-12-29 22:46:06 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-01-02 14:15:30 +0000 net-vpn/strongswan: bump to 5.9.4 Added an ebuild for strongswan-5.9.4 with support for EAPI 8. Bug: https://bugs.gentoo.org/818841 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Philipp Roesner <rndxelement@protonmail.com> Signed-off-by: Florian Schmaus <flow@gentoo.org> net-vpn/strongswan/Manifest | 1 + net-vpn/strongswan/strongswan-5.9.4.ebuild | 308 +++++++++++++++++++++++++++++ 2 files changed, 309 insertions(+)
I'm sorry I missed this, but thank you for the bump! Please cleanup remaining vulnerable ebuilds.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7387260e58f7f39705fa2c03024201eee834e8e9 commit 7387260e58f7f39705fa2c03024201eee834e8e9 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-01-06 17:43:24 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-01-06 17:43:34 +0000 net-vpn/strongswan: drop 5.9.6-r1, 5.9.7 Bug: https://bugs.gentoo.org/818841 Bug: https://bugs.gentoo.org/832460 Bug: https://bugs.gentoo.org/878887 Signed-off-by: John Helmert III <ajak@gentoo.org> net-vpn/strongswan/Manifest | 2 - .../files/strongswan-5.9.6-werror-security.patch | 20 -- net-vpn/strongswan/strongswan-5.9.6-r1.ebuild | 322 --------------------- net-vpn/strongswan/strongswan-5.9.7.ebuild | 318 -------------------- 4 files changed, 662 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=5c311dfaab4c0172a4524ae5860106bcac33a694 commit 5c311dfaab4c0172a4524ae5860106bcac33a694 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-04 09:05:41 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-04 09:06:06 +0000 [ GLSA 202405-08 ] strongSwan: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/818841 Bug: https://bugs.gentoo.org/832460 Bug: https://bugs.gentoo.org/878887 Bug: https://bugs.gentoo.org/899964 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-08.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+)
