Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 628606 (CVE-2017-11185)

Summary: <net-vpn/strongswan-5.6.0: remote denial of service via crafted RSA signature
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gurligebis, patrick
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.strongswan.org/blog/2017/08/14/strongswan-5.6.0-released.html
Whiteboard: B3 [noglsa cve]
Package list:
=net-vpn/strongswan-5.6.0-r1
 Runtime testing required: ---

Description Aleksandr Wagner (Kivak) 2017-08-22 14:29:10 UTC 
CVE-2017-11185 (https://nvd.nist.gov/vuln/detail/CVE-2017-11185):

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

References:

https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-%28cve-2017-11185%29.html

Patch:

https://download.strongswan.org/security/CVE-2017-11185/

@ Maintainer(s): Please provide either a patched ebuild or newer version. Please state if ready for stabilization after.
Comment 1 Patrick Lauer gentoo-dev 2017-09-24 17:30:38 UTC 
Ebuild for 5.6.0 has been committed
Comment 2 Aleksandr Wagner (Kivak) 2017-09-24 19:36:11 UTC 
@ Maintainer(s): Please state when the ebuild is ready for stabilization.
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-01-23 01:53:39 UTC 
@arches, please stabilize.
Comment 4 Agostino Sarubbo gentoo-dev 2018-01-23 16:42:17 UTC 
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-26 18:22:29 UTC 
x86 stable
Comment 6 Markus Meier gentoo-dev 2018-02-05 21:19:08 UTC 
arm stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-03-03 22:19:37 UTC 
ppc stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-17 10:18:29 UTC 
GLSA Vote: No!
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2018-10-17 10:20:42 UTC 
Cleanup via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75954cf504602db95aafcb1e80fe1e01b1f3ec22

Repository is clean, all done.