Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 899964 (CVE-2023-26463) - <net-vpn/strongswan-5.9.10: denial of service but possibly even remote code execution
Summary: <net-vpn/strongswan-5.9.10: denial of service but possibly even remote code e...
Status: IN_PROGRESS
Alias: CVE-2023-26463
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.strongswan.org/blog/2023/...
Whiteboard: B2 [glsa?]
Keywords:
Depends on: 904537
Blocks:
  Show dependency tree
 
Reported: 2023-03-06 21:51 UTC by Conrad Kostecki
Modified: 2023-10-09 06:08 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Conrad Kostecki gentoo-dev 2023-03-06 21:51:54 UTC
strongSwan Vulnerability (CVE-2023-26463)

A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected.

A user publicly reported a bug related certificate verification in TLS-based EAP methods that leads to an authentication bypass followed by an expired pointer dereference that results in a denial of service but possibly even remote code execution.

Fixed by 5.9.10 release:
https://www.strongswan.org/blog/2023/03/02/strongswan-5.9.10-released.html
Comment 1 Larry the Git Cow gentoo-dev 2023-03-14 23:14:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e946ce4d76ece04b512661469ce5550e1d505ae5

commit e946ce4d76ece04b512661469ce5550e1d505ae5
Author:     Dennis Eisele <kernlpanic@dennis-eisele.de>
AuthorDate: 2023-03-04 13:33:08 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2023-03-14 23:12:01 +0000

    net-vpn/strongswan: version bump to 5.9.10
    
    Bug: https://bugs.gentoo.org/899964
    Signed-off-by: Dennis Eisele <kernlpanic@dennis-eisele.de>
    Closes: https://github.com/gentoo/gentoo/pull/29924
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-vpn/strongswan/Manifest                 |   1 +
 net-vpn/strongswan/strongswan-5.9.10.ebuild | 318 ++++++++++++++++++++++++++++
 2 files changed, 319 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-19 04:11:51 UTC
Thanks!
Comment 3 Hans de Graaff gentoo-dev Security 2023-10-08 10:41:37 UTC
Ping. Please clean up vulnerable versions 5.9.8 and 5.9.9.
Comment 4 Larry the Git Cow gentoo-dev 2023-10-08 21:51:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=328181b0a39b56600ebba16a15ab14e3e4954b85

commit 328181b0a39b56600ebba16a15ab14e3e4954b85
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2023-10-08 21:50:15 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2023-10-08 21:51:41 +0000

    net-vpn/strongswan: drop 5.9.8, 5.9.9, 5.9.10
    
    Bug: https://bugs.gentoo.org/899964
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-vpn/strongswan/Manifest                 |   3 -
 net-vpn/strongswan/strongswan-5.9.10.ebuild | 318 ----------------------------
 net-vpn/strongswan/strongswan-5.9.8.ebuild  | 318 ----------------------------
 net-vpn/strongswan/strongswan-5.9.9.ebuild  | 318 ----------------------------
 4 files changed, 957 deletions(-)