Blog

Release and vulnerability announcements for strongSwan

strongSwan Vulnerability (CVE-2018-10811)

A denial-of-service vulnerability in the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF was discovered, all strongSwan versions since 5.0.1 may be affected.

security fix5.6.x5.5.x5.4.x5.3.x5.2.x5.1.x5.0.x

strongSwan Vulnerability (CVE-2018-5388)

A denial-of-service vulnerability in the stroke plugin was discovered in strongSwan. All versions are affected in certain configurations.

security fix5.6.x5.5.x5.4.x5.3.x5.2.x5.1.x5.0.x4.x

strongSwan Vulnerability (CVE-2018-6459)

A denial-of-service vulnerability in the parser for RSASSA-PSS signatures was discovered in strongSwan 5.6.1.

5.6.xsecurity fix

strongSwan Vulnerability (CVE-2017-11185)

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions are affected.

security fix4.x5.0.x5.1.x5.2.x5.3.x5.4.x5.5.x

strongSwan Vulnerability (CVE-2017-9022)

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions since 4.4.0 are affected.

4.x5.0.x5.1.x5.2.x5.3.x5.4.x5.5.xsecurity fix

strongSwan Vulnerability (CVE-2017-9023)

A denial-of-service vulnerability in the x509 plugin was discovered in strongSwan. All versions are affected.

4.x5.0.x5.1.x5.2.x5.3.x5.4.x5.5.xsecurity fix

strongSwan Vulnerability (CVE-2015-8023)

An authentication bypass vulnerability in the eap-mschapv2 plugin was discovered in strongSwan. All versions since 4.2.12 are affected.

security fix5.3.x5.2.x5.1.x5.0.x4.x

strongSwan Vulnerability (CVE-2015-4171)

An information leak vulnerability that affects certain IKEv2 setups was discovered in strongSwan. All versions since 4.3.0 are affected.

security fix5.3.x5.2.x5.1.x5.0.x4.x
Archive
2023 7
2022 7
2021 5
2020 4
2019 3
2018 10
2017 7
2016 3
2015 11
2014 6
2013 8
2012 6
Tags
release 52
security fix 25
5.0.x 23
5.1.x 20
5.9.x 20
5.3.x 19
5.2.x 16
4.x 15
5.5.x 14
5.6.x 13
5.4.x 11
5.8.x 10