Change logs for strongswan source package in Lunar

  • strongswan (5.9.8-3ubuntu4.1) lunar-security; urgency=medium
    
      * SECURITY UPDATE: Buffer Overflow When Handling DH Public Values
        - debian/patches/CVE-2023-41913.patch: Validate DH public key to fix
          potential buffer overflow in
          src/charon-tkm/src/tkm/tkm_diffie_hellman.c.
        - CVE-2023-41913
    
     -- Marc Deslauriers <email address hidden>  Tue, 07 Nov 2023 11:45:01 +0200
  • strongswan (5.9.8-3ubuntu4) lunar; urgency=medium
    
      * d/t/utils: also give `cloud-init status --wait` the same amount of
        ${limit} seconds to complete, and bump limit to 5min. The logs show
        the container started up fine, with an IP.
    
     -- Andreas Hasenack <email address hidden>  Mon, 06 Mar 2023 11:00:58 -0300
  • strongswan (5.9.8-3ubuntu3) lunar; urgency=medium
    
      * SECURITY UPDATE: Incorrectly Accepted Untrusted Public Key With
        Incorrect Refcount
        - debian/patches/CVE-2023-26463.patch: fix authentication bypass and
          expired pointer dereference in src/libtls/tls_server.c.
        - CVE-2023-26463
    
     -- Marc Deslauriers <email address hidden>  Thu, 02 Mar 2023 12:58:47 -0500
  • strongswan (5.9.8-3ubuntu2) lunar; urgency=medium
    
      * d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl
        (LP: #1999935)
    
     -- Andreas Hasenack <email address hidden>  Fri, 16 Dec 2022 16:07:51 -0300
  • strongswan (5.9.8-3ubuntu1) lunar; urgency=medium
    
      * Merge with Debian unstable (LP: #1993449). Remaining changes:
        - d/control: strongswan-starter hard-depends on strongswan-charon,
          therefore bump the dependency from Recommends to Depends. At the same
          time avoid a circular dependency by dropping
          strongswan-charon->strongswan-starter from Depends to Recommends as the
          binaries can work without the services but not vice versa.
        - re-add post-quantum encryption algorithm (NTRU) (LP #1863749)
          + d/control: mention plugins in package description
          + d/rules: enable ntru at build time
          + d/libstrongswan-extra-plugins.install: ship config and shared objects
        - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
          + d/control: update libcharon-extra-plugins description.
          + d/libcharon-extra-plugins.install: install .so and conf files.
          + d/rules: add plugins to the configuration arguments.
        - Remove conf files of plugins removed from libcharon-extra-plugins
          + The conf files of the following plugins were removed: eap-aka-3gpp2,
            eap-sim-file, eap-sim-pcsc, eap-sim, eap-simaka-pseudonym,
            eap-simaka-reauth, eap-simaka-sql, xauth-noauth.
          + Created d/libcharon-extra-plugins.maintscript to handle the removals
            properly.
      * Dropped:
        - SECURITY UPDATE: Using Untrusted URIs for Revocation Checking
          + debian/patches/CVE-2022-40617.patch: do online revocation checks only
            after basic trust chain validation in
            src/libstrongswan/credentials/credential_manager.c.
          + CVE-2022-40617
            [Included upstream in 5.9.8]
      * Added:
        - d/t/{control,host-to-host,utils}: new host-to-host test
          (LP: #1999525)
    
     -- Andreas Hasenack <email address hidden>  Tue, 13 Dec 2022 11:04:24 -0300
  • strongswan (5.9.6-1ubuntu2) kinetic; urgency=medium
    
      * SECURITY UPDATE: Using Untrusted URIs for Revocation Checking
        - debian/patches/CVE-2022-40617.patch: do online revocation checks only
          after basic trust chain validation in
          src/libstrongswan/credentials/credential_manager.c.
        - CVE-2022-40617
    
     -- Marc Deslauriers <email address hidden>  Wed, 05 Oct 2022 08:11:03 -0400