[SECURITY] [DLA 3143-1] strongswan security update

2022-10-1020:00:12

lists.debian.org

155

strongswan

ipsec

vpn

denial of service

vulnerability

debian 10 buster

fix

upgrade

security advisory

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Debian LTS Advisory DLA-3143-1 [email protected]
https://www.debian.org/lts/security/ Chris Lamb
October 10, 2022 https://wiki.debian.org/LTS

Package : strongswan
Version : 5.7.2-1+deb10u3
CVE ID : CVE-2022-40617
Debian Bug : #1021271

It was discovered that there was a potential denial of service
vulnerability in strongswan, an IPsec VPN solution.

Strongswan could have queried URLs with untrusted certificates, and
this could potentially lead to a DoS attack by blocking the fetcher
thread.

For Debian 10 buster, this problem has been fixed in version
5.7.2-1+deb10u3.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11armelstrongswan-charon< 5.9.1-1+deb11u3strongswan-charon_5.9.1-1+deb11u3_armel.deb
Debian11armellibstrongswan-standard-plugins< 5.9.1-1+deb11u3libstrongswan-standard-plugins_5.9.1-1+deb11u3_armel.deb
Debian10i386strongswan-starter< 5.7.2-1+deb10u3strongswan-starter_5.7.2-1+deb10u3_i386.deb
Debian11s390xcharon-systemd< 5.9.1-1+deb11u3charon-systemd_5.9.1-1+deb11u3_s390x.deb
Debian11amd64strongswan-swanctl< 5.9.1-1+deb11u3strongswan-swanctl_5.9.1-1+deb11u3_amd64.deb
Debian11i386strongswan-scepclient< 5.9.1-1+deb11u3strongswan-scepclient_5.9.1-1+deb11u3_i386.deb
Debian11armelstrongswan-swanctl< 5.9.1-1+deb11u3strongswan-swanctl_5.9.1-1+deb11u3_armel.deb
Debian10amd64libcharon-extra-plugins< 5.7.2-1+deb10u3libcharon-extra-plugins_5.7.2-1+deb10u3_amd64.deb
Debian11ppc64ellibcharon-extauth-plugins< 5.9.1-1+deb11u3libcharon-extauth-plugins_5.9.1-1+deb11u3_ppc64el.deb
Debian11mips64ellibcharon-extauth-plugins-dbgsym< 5.9.1-1+deb11u3libcharon-extauth-plugins-dbgsym_5.9.1-1+deb11u3_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	armel	strongswan-charon	< 5.9.1-1+deb11u3	strongswan-charon_5.9.1-1+deb11u3_armel.deb
Debian	11	armel	libstrongswan-standard-plugins	< 5.9.1-1+deb11u3	libstrongswan-standard-plugins_5.9.1-1+deb11u3_armel.deb
Debian	10	i386	strongswan-starter	< 5.7.2-1+deb10u3	strongswan-starter_5.7.2-1+deb10u3_i386.deb
Debian	11	s390x	charon-systemd	< 5.9.1-1+deb11u3	charon-systemd_5.9.1-1+deb11u3_s390x.deb
Debian	11	amd64	strongswan-swanctl	< 5.9.1-1+deb11u3	strongswan-swanctl_5.9.1-1+deb11u3_amd64.deb
Debian	11	i386	strongswan-scepclient	< 5.9.1-1+deb11u3	strongswan-scepclient_5.9.1-1+deb11u3_i386.deb
Debian	11	armel	strongswan-swanctl	< 5.9.1-1+deb11u3	strongswan-swanctl_5.9.1-1+deb11u3_armel.deb
Debian	10	amd64	libcharon-extra-plugins	< 5.7.2-1+deb10u3	libcharon-extra-plugins_5.7.2-1+deb10u3_amd64.deb
Debian	11	ppc64el	libcharon-extauth-plugins	< 5.9.1-1+deb11u3	libcharon-extauth-plugins_5.9.1-1+deb11u3_ppc64el.deb
Debian	11	mips64el	libcharon-extauth-plugins-dbgsym	< 5.9.1-1+deb11u3	libcharon-extauth-plugins-dbgsym_5.9.1-1+deb11u3_mips64el.deb