USN-2450-1: strongSwan vulnerability

Ubuntu Security Notice USN-2450-1


5th January, 2015


strongSwan vulnerability


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 14.10

  • Ubuntu 14.04 LTS


Summary


strongSwan could be made to crash or run programs if it received specially crafted network traffic.


Software description



  • strongswan - IPsec VPN solution


Details


Mike Daskalakis discovered that strongSwan incorrectly handled IKEv2 payloads that contained the Diffie-Hellman group 1025. A remote attacker could use this issue to cause the IKE daemon to crash, resulting in a denial of service.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 14.10:

strongswan-ike 5.1.2-0ubuntu3.2

Ubuntu 14.04 LTS:

strongswan-ike 5.1.2-0ubuntu2.2


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


In general, a standard system update will make all the necessary changes.


References


CVE-2014-9221






from Ubuntu Security Notices http://bit.ly/1xKgm3l