CVE-2018-17540 (https://nvd.nist.gov/vuln/detail/CVE-2018-17540): The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. CVE-2018-16151 (https://nvd.nist.gov/vuln/detail/CVE-2018-16151): In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. CVE-2018-16152 (https://nvd.nist.gov/vuln/detail/CVE-2018-16152): In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
@ Arches, please test and mark stable: =net-vpn/strongswan-5.7.1
amd64 stable
x86 stable
arm stable
ppc stable
GLSA Vote: Yes New GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0ff4971ff0d25924489c8c968ee96d7d7759d8f commit c0ff4971ff0d25924489c8c968ee96d7d7759d8f Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-11-15 12:35:20 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-11-15 12:35:20 +0000 net-vpn/strongswan: security cleanup Bug: https://bugs.gentoo.org/668862 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> net-vpn/strongswan/Manifest | 3 - net-vpn/strongswan/strongswan-5.6.0-r1.ebuild | 303 -------------------------- net-vpn/strongswan/strongswan-5.6.2.ebuild | 303 -------------------------- net-vpn/strongswan/strongswan-5.6.3.ebuild | 303 -------------------------- 4 files changed, 912 deletions(-)
This issue was resolved and addressed in GLSA 201811-16 at https://security.gentoo.org/glsa/201811-16 by GLSA coordinator Aaron Bauman (b-man).