Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • carlespina/po-debconf-manager-strongswan
  • ahasenack/strongswan
  • sdeziel-guest/strongswan
  • paride/strongswan
  • kanashiro/strongswan
  • debian/strongswan
  • paelzer-guest/strongswan
7 results
Show changes
Commits on Source (4)
Hide whitespace changes
Inline Side-by-side
debian/changelog
View file @ 54bfec0a
strongswan (5.5.1-4+deb9u2) stretch-security; urgency=medium
* debian/patches:
- CVE-2018-10811 added, fix missing initialization of a variable in IKEv2
key derivation (CVE-2018-10811)
- CVE-2018-5388 added, fix insufficient validation in the stroke plugin
(CVE-2018-5388)
-- Yves-Alexis Perez <corsac@debian.org> Mon, 04 Jun 2018 17:55:33 +0200
strongswan (5.5.1-4+deb9u1) stretch-security; urgency=medium
* debian/patches:
......
debian/patches/CVE-2018-10811.patch 0 → 100644
View file @ 54bfec0a
From b450318c15496f89e7c93392c9b5d2c6045c7de9 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 19 Mar 2018 17:03:05 +0100
Subject: [PATCH] ikev2: Initialize variable in case set_key() or
allocate_bytes() fails
In case the PRF's set_key() or allocate_bytes() method failed, skeyseed
was not initialized and the chunk_clear() call later caused a crash.
This could have happened with OpenSSL in FIPS mode when MD5 was
negotiated (and test vectors were not checked, in which case the PRF
couldn't be instantiated as the test vectors would have failed).
MD5 is not included in the default proposal anymore since 5.6.1, so
with recent versions this could only happen with configs that are not
valid in FIPS mode anyway.
Fixes: CVE-2018-10811
---
src/libcharon/sa/ikev2/keymat_v2.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 0c41c68d0118..8b20d1ce986f 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -303,8 +303,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
- chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
- chunk_t spi_i, spi_r;
+ chunk_t skeyseed = chunk_empty, key, secret, full_nonce, fixed_nonce;
+ chunk_t prf_plus_seed, spi_i, spi_r;
prf_plus_t *prf_plus = NULL;
uint16_t alg, key_size, int_alg;
prf_t *rekey_prf = NULL;
--
2.7.4
debian/patches/CVE-2018-5388.patch 0 → 100644
View file @ 54bfec0a
From 0acd1ab4d08d53d80393b1a37b8781f6e7b2b996 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 13 Mar 2018 18:54:08 +0100
Subject: [PATCH] stroke: Ensure a minimum message length
---
src/libcharon/plugins/stroke/stroke_socket.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index c568440b7..1e7f210e9 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -627,6 +627,11 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream)
}
return FALSE;
}
+ if (len < offsetof(stroke_msg_t, buffer))
+ {
+ DBG1(DBG_CFG, "invalid stroke message length %d", len);
+ return FALSE;
+ }
/* read message (we need an additional byte to terminate the buffer) */
msg = malloc(len + 1);
--
2.17.1
debian/patches/series
View file @ 54bfec0a
......@@ -4,3 +4,5 @@
CVE-2017-9022_insufficient_input_validation_gmp_plugin.patch
CVE-2017-9023_incorrect_handling_of_choice_types_in_asn1_parser.patch
CVE-2017-11185.patch
CVE-2018-10811.patch
CVE-2018-5388.patch