Date: Mon, 19 Feb 2018 12:58:30 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 226043] security/strongswan: Update to 5.6.2 [CVE-2018-6459]
Message-ID: <bug-226043-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226043

Bug ID: 226043
Summary: security/strongswan: Update to 5.6.2 [CVE-2018-6459]
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: strongswan@Nanoteq.com
Attachment #190795 Flags: maintainer-approval+
Flags: maintainer-feedback+

Created attachment 190795
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=190795&action=edit
Update strongswan to 5.6.2

Update strongswan to 5.6.2 to fix vulnerability CVE-2018-6459.

https://github.com/strongswan/strongswan/blob/master/NEWS

Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that
was caused by insufficient input validation. One of the configurable
parameters in algorithm identifier structures for RSASSA-PSS signatures is the
mask generation function (MGF). Only MGF1 is currently specified for this
purpose. However, this in turn takes itself a parameter that specifies the
underlying hash function. strongSwan's parser did not correctly handle the
case of this parameter being absent, causing an undefined data read.
This vulnerability has been registered as CVE-2018-6459.

Bug 220488 is also fixed as part of this patch.
(https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220488)

-- 
You are receiving this mail because:
You are the assignee for the bug.
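
The missing-parameter case described in the NEWS entry above, shown as an added example that is not strongSwan's code and not part of the original report: a minimal DER reader for the maskGenAlgorithm structure that rejects MGF1 when its hash parameter is absent. The names `read_tlv` and `parse_mgf1` are hypothetical and both sample encodings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Content bytes of the id-mgf1 OID (1.2.840.113549.1.1.8). */
static const uint8_t OID_MGF1[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08};
/* Constructed samples: MGF1 with SHA-256, then MGF1 with no parameter. */
static const uint8_t SAMPLE_OK[] = {0x30,0x1A, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
    0x0D,0x01,0x01,0x08, 0x30,0x0D, 0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,
    0x02,0x01, 0x05,0x00};
static const uint8_t SAMPLE_ABSENT[] = {0x30,0x0B, 0x06,0x09,0x2A,0x86,0x48,0x86,
    0xF7,0x0D,0x01,0x01,0x08};

/* Read one TLV with the expected tag from [*p, end) and advance *p past it.
 * Short-form lengths only (a simplification). Returns 0, or -1 on error. */
static int read_tlv(const uint8_t **p, const uint8_t *end, uint8_t tag,
                    const uint8_t **val, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != tag || (*p)[1] >= 0x80)
        return -1;
    *len = (*p)[1];
    if ((size_t)(end - *p - 2) < *len)
        return -1;                  /* declared length overruns the buffer */
    *val = *p + 2;
    *p = *val + *len;
    return 0;
}

/* Parse SEQUENCE { OID id-mgf1, SEQUENCE { OID hash, ... } } and return the
 * hash OID content. Fails closed (-1) when the MGF1 parameter is absent. */
int parse_mgf1(const uint8_t *der, size_t der_len,
               const uint8_t **hash_oid, size_t *hash_oid_len)
{
    const uint8_t *p = der, *end = der + der_len, *seq, *oid, *par;
    size_t seq_len, oid_len, par_len;
    if (read_tlv(&p, end, 0x30, &seq, &seq_len) || p != end)
        return -1;
    p = seq;
    if (read_tlv(&p, end, 0x06, &oid, &oid_len) ||
        oid_len != sizeof(OID_MGF1) || memcmp(oid, OID_MGF1, oid_len))
        return -1;
    if (p == end)
        return -1;                  /* parameter absent: reject, do not guess */
    if (read_tlv(&p, end, 0x30, &par, &par_len) || p != end)
        return -1;
    p = par;
    return read_tlv(&p, end, 0x06, hash_oid, hash_oid_len);
}
```

`parse_mgf1(SAMPLE_OK, sizeof SAMPLE_OK, &oid, &len)` returns 0 with the SHA-256 OID bytes; the same call on `SAMPLE_ABSENT` returns -1 and leaves the outputs untouched, so the caller has no unset value to read.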