Summary: | <net-misc/strongswan-5.0.4: ECDSA is not properly handled (CVE-2013-2944) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Olipro <olipro+gentoopub> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | alexander, gurligebis, patrick, whissi |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Olipro
2013-05-03 19:15:16 UTC
Bumped to 5.0.4 - please stabilize ASAP. Once stable, please remove version 5.0.0 from the tree, to prevent people installing that version, since it still has this issue. Thanks.

CVE-2013-2944 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2944): strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.

*** Bug 468008 has been marked as a duplicate of this bug. ***

Arches, please test and mark stable: =net-misc/strongswan-5.0.4 Target KEYWORDS: "amd64 arm ppc ~ppc64 x86"

amd64 stable

x86 stable

arm stable

ppc stable

Thanks for your work

GLSA vote: yes

GLSA vote: yes, request filed.

This issue was resolved and addressed in GLSA 201309-02 at http://security.gentoo.org/glsa/glsa-201309-02.xml by GLSA coordinator Chris Reffett (creffett).