| Field | Value |
|---|---|
| Summary | <net-misc/strongswan-5.1.3: "ID_DER_ASN1_DN" ID Payload Parsing Denial of Service Vulnerability (CVE-2014-2891) |
| Product | Gentoo Security |
| Reporter | Agostino Sarubbo <ago> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| CC | gurligebis, patrick |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | http://secunia.com/advisories/58398/ |
| Whiteboard | B3 [glsa] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 507722 |
| Bug Blocks | |

Description
Agostino Sarubbo
2014-05-08 07:36:12 UTC
The 5.1.3 version is already in the tree, and only the PPC arch is missing from stable. So if just PPC could stabilize it, we can remove the 5.1.1 version completely, and be done.

Versions since 4.3.3 and before 5.1.2 are affected.

5.1.3 is being stabilized as part of Bug 507722. Setting as blocker.

Old version has been removed, so now only the fixed version is in the tree.

CVE-2014-2891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2891): strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.

Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA request.

This issue was resolved and addressed in GLSA 201412-26 at http://security.gentoo.org/glsa/glsa-201412-26.xml by GLSA coordinator Sean Amoss (ackle).