Package: strongswan / 5.9.8-5+deb12u1

Metadata

Package:        strongswan
Version:        5.9.8-5+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch file / file delta / description

02_disable bypass lan.patch

conf/plugins/bypass-lan.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

 don't load bypass-lan plugin by default

03_systemd service.patch

init/systemd-starter/strongswan-starter.service.in | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

 tune the ipsec systemd service file

- add a reload argument
- don't wait on syslog

04_disable libtls tests.patch

src/libtls/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

 disable libtls tests

They're too intensive for the buildd network and cause FTBFS.

dont load kernel libipsec plugin by default.patch

conf/plugins/kernel-libipsec.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

 dont-load-kernel-libipsec-plugin-by-default

0005 libtls Fix authentication bypass and expired pointer.patch

src/libtls/tls_server.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

 libtls: fix authentication bypass and expired pointer dereference

`public` is returned, but previously only if a trusted key was found.
We obviously don't want to return untrusted keys.  However, since the
reference is released after determining the key type, the returned
object also doesn't have the correct refcount.

So when the returned reference is released after verifying the TLS
signature, the public key object is actually destroyed.  The certificate
object then points to an expired pointer, which is dereferenced once it
itself is destroyed after the authentication is complete.  Depending on
whether the pointer is valid (i.e. points to memory allocated to the
process) and what was allocated there after the public key was freed,
this could result in a segmentation fault or even code execution.

Fixes: 63fd718915b5 ("libtls: call create_public_enumerator() with key_type")
Fixes: CVE-2023-26463

0006 charon tkm Validate DH public key to fix potential b.patch

src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

 charon-tkm: validate dh public key to fix potential buffer overflow

Seems this was forgotten in the referenced commit and actually could lead
to a buffer overflow.  Since charon-tkm is untrusted this isn't that
much of an issue but could at least be easily exploited for a DoS attack
as DH public values are set when handling IKE_SA_INIT requests.