CVE 2014-9221
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
Related bugs and status
CVE-2014-9221 (Candidate) is related to these bugs:
Bug #1309594: kernel-libipsec not loading
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1309594 | kernel-libipsec not loading | strongswan (Ubuntu) | Medium | Fix Released | ||
| 1309594 | kernel-libipsec not loading | strongswan (Ubuntu Trusty) | Undecided | Won't Fix | ||
Bug #1330504: strongSwan 5.1.3
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1330504 | strongSwan 5.1.3 | strongswan (Ubuntu) | High | Fix Released | ||
Bug #1333655: strongSwan AppArmor profile does not allow user priv dropping
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1333655 | strongSwan AppArmor profile does not allow user priv dropping | strongswan (Ubuntu) | Wishlist | Fix Released | ||
Bug #1448870: Certificate policies cause rejections
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1448870 | Certificate policies cause rejections | strongswan (Ubuntu) | Undecided | Fix Released | ||
Bug #1451091: new upstream version 5.2.2
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1451091 | new upstream version 5.2.2 | strongswan (Ubuntu) | Wishlist | Fix Released | ||
Bug #1470277: strongswan apparmor profile doesn't permit xauth-pam
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1470277 | strongswan apparmor profile doesn't permit xauth-pam | strongswan (Ubuntu) | Undecided | Fix Released | ||
Bug #1505222: strongSwan AppArmor prevents CRL caching
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1505222 | strongSwan AppArmor prevents CRL caching | strongswan (Ubuntu) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
