Yves-Alexis Perez · Yves-Alexis Perez · Yves-Alexis Perez · Yves-Alexis Perez · cbc4515c · cbc4515c
--- a/debian/changelog
+++ b/debian/changelog
+strongswan (5.2.1-6+deb8u6) jessie-security; urgency=medium
+
+  * d/p/CVE-2018-10811.patch added, fix missing initialization of a variable
+    in IKEv2 key derivation (CVE-2018-10811)
+  * d/p/CVE-2018-5388 added, fix insufficient validation in the stroke plugin
+    (CVE-2018-5388)
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Thu, 14 Jun 2018 10:13:44 +0200
+
 strongswan (5.2.1-6+deb8u5) jessie-security; urgency=medium

  * debian/patches:

--- a/debian/patches/CVE-2018-10811.patch
+++ b/debian/patches/CVE-2018-10811.patch
+From b450318c15496f89e7c93392c9b5d2c6045c7de9 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 19 Mar 2018 17:03:05 +0100
+Subject: [PATCH] ikev2: Initialize variable in case set_key() or
+ allocate_bytes() fails
+
+In case the PRF's set_key() or allocate_bytes() method failed, skeyseed
+was not initialized and the chunk_clear() call later caused a crash.
+
+This could have happened with OpenSSL in FIPS mode when MD5 was
+negotiated (and test vectors were not checked, in which case the PRF
+couldn't be instantiated as the test vectors would have failed).
+MD5 is not included in the default proposal anymore since 5.6.1, so
+with recent versions this could only happen with configs that are not
+valid in FIPS mode anyway.
+
+Fixes: CVE-2018-10811
+---
+ src/libcharon/sa/ikev2/keymat_v2.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
+index 0c41c68d0118..8b20d1ce986f 100644
+--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
+@@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
+ 	chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
+ 	pseudo_random_function_t rekey_function, chunk_t rekey_skd)
+ {
+-	chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
+-	chunk_t spi_i, spi_r;
+	chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;
+	chunk_t prf_plus_seed, spi_i, spi_r;
+ 	prf_plus_t *prf_plus = NULL;
+ 	u_int16_t alg, key_size, int_alg;
+ 	prf_t *rekey_prf = NULL;
+-- 
+2.7.4
+
+
--- a/debian/patches/CVE-2018-5388.patch
+++ b/debian/patches/CVE-2018-5388.patch
+From 0acd1ab4d08d53d80393b1a37b8781f6e7b2b996 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Tue, 13 Mar 2018 18:54:08 +0100
+Subject: [PATCH] stroke: Ensure a minimum message length
+
+---
+ src/libcharon/plugins/stroke/stroke_socket.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
+index c568440b7..1e7f210e9 100644
+--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
+@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
+ 		}
+ 		return FALSE;
+ 	}
+	if (len < offsetof(stroke_msg_t, buffer))
+	{
+		DBG1(DBG_CFG, "invalid stroke message length %d", len);
+		return FALSE;
+	}
+ 
+ 	/* read message (we need an additional byte to terminate the buffer) */
+ 	msg = malloc(len + 1);
+-- 
+2.17.1
+
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,5 @@ CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
 CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
 0001-openssl-Don-t-pre-initialize-OpenSSL-HMAC-with-an-em.patch
 CVE-2017-11185.patch
+CVE-2018-10811.patch
+CVE-2018-5388.patch