Please merge strongswan 5.6.2-1 from Debian
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
strongswan (Ubuntu) | Fix Released | Undecided | Christian Ehrhardt |
Bug Description
Strongswan 5.6.2 was released recently and there is an updated Debian package available in unstable. Please merge.
The most significant changes in Strongswan 5.6.2 are:
- Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation. This is CVE-2018-6459.
- Reliability improvements for MOBIKE.
- Ported the NetworkManager backend from the deprecated libnm-glib to libnm.
- Faster IKEv2 rekeying.
- save-keys plugin for Wireshark debugging of IPsec.
Additional changes in the Debian package strongswan_5.6.2-1:
- strongswan-
Although having the bypass-lan plugin available is definitely nice, it does have some bugs. If you decide to compile it like in the Debian package, please make sure it is disabled by default during runtime.
Related branches
- Andreas Hasenack: Approve
- Canonical Server: Pending requested
- git-ubuntu developers: Pending requested
Diff: 1989 lines (+1466/-96)
18 files modified
debian/changelog (+1082/-0)
debian/control (+128/-12)
debian/ipsec.secrets.proto (+0/-3)
debian/libcharon-extra-plugins.install (+64/-12)
debian/libcharon-standard-plugins.install (+19/-0)
debian/libstrongswan-extra-plugins.install (+58/-0)
debian/libstrongswan.install (+11/-6)
debian/patches/dont-load-kernel-libipsec-plugin-by-default.patch (+11/-0)
debian/patches/series (+1/-0)
debian/rules (+50/-6)
debian/strongswan-starter.install (+4/-0)
debian/strongswan-starter.maintscript (+1/-0)
debian/strongswan-starter.postinst (+0/-57)
debian/strongswan-tnc-base.install (+16/-0)
debian/strongswan-tnc-client.install (+5/-0)
debian/strongswan-tnc-ifmap.install (+3/-0)
debian/strongswan-tnc-pdp.install (+3/-0)
debian/strongswan-tnc-server.install (+10/-0)
information type: Private Security → Public Security
Changed in strongswan (Ubuntu):
status: New → Triaged
Changed in strongswan (Ubuntu):
assignee: nobody → ChristianEhrhardt (paelzer)
status: Triaged → In Progress
FYI, the CVE was already fixed in 5.6.1-2ubuntu4.