Skip to content
Commit e43efb9b authored by Peter Korsgaard's avatar Peter Korsgaard Committed by Thomas Petazzoni
Browse files

strongswan: add upstream security patches 

Fixes:

CVE-2017-9022 - RSA public keys passed to the gmp plugin aren't
validated sufficiently before attempting signature verification, so that
invalid input might lead to a floating point exception and crash of the
process.  A certificate with an appropriately prepared public key sent by a
peer could be used for a denial-of-service attack.

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html

CVE-2017-9023 - ASN.1 CHOICE types are not correctly handled by the ASN.1
parser when parsing X.509 certificates with extensions that use such types.
This could lead to infinite looping of the thread parsing a specifically
crafted certificate.

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html



Signed-off-by: default avatarPeter Korsgaard <peter@korsgaard.com>
Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
parent e1c2c432
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment