[ubuntu/vivid-proposed] strongswan 5.1.2-0ubuntu4 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Mon Jan 5 13:45:16 UTC 2015
strongswan (5.1.2-0ubuntu4) vivid; urgency=medium
* SECURITY UPDATE: denial of service via DH group 1025
- debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of
IKE DH range in src/libstrongswan/crypto/diffie_hellman.c,
src/libstrongswan/crypto/diffie_hellman.h.
- CVE-2014-9221
Date: Mon, 05 Jan 2015 08:25:29 -0500
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Jan 2015 08:25:29 -0500
Source: strongswan
Binary: strongswan libstrongswan strongswan-dbg strongswan-starter strongswan-ike strongswan-nm strongswan-plugin-af-alg strongswan-plugin-agent strongswan-plugin-attr-sql strongswan-plugin-certexpire strongswan-plugin-coupling strongswan-plugin-curl strongswan-plugin-dhcp strongswan-plugin-dnscert strongswan-plugin-dnskey strongswan-plugin-duplicheck strongswan-plugin-eap-aka strongswan-plugin-eap-aka-3gpp2 strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-md5 strongswan-plugin-eap-mschapv2 strongswan-plugin-eap-peap strongswan-plugin-eap-radius strongswan-plugin-eap-sim strongswan-plugin-eap-sim-file strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-eap-simaka-reauth strongswan-plugin-eap-simaka-sql strongswan-plugin-eap-tls strongswan-plugin-eap-tnc strongswan-plugin-eap-ttls strongswan-plugin-error-notify strongswan-plugin-farp strongswan-plugin-fips-prf strongswan-plugin-gcrypt strongswan-plugin-gmp
strongswan-plugin-ipseckey strongswan-plugin-kernel-libipsec strongswan-plugin-ldap strongswan-plugin-led strongswan-plugin-load-tester strongswan-plugin-lookip strongswan-plugin-mysql strongswan-plugin-ntru strongswan-plugin-openssl strongswan-plugin-pgp strongswan-plugin-pkcs11 strongswan-plugin-pubkey strongswan-plugin-radattr strongswan-plugin-sql strongswan-plugin-sqlite strongswan-plugin-soup strongswan-plugin-sshkey strongswan-plugin-systime-fix strongswan-plugin-unbound strongswan-plugin-unity strongswan-plugin-whitelist strongswan-plugin-xauth-eap strongswan-plugin-xauth-generic strongswan-plugin-xauth-noauth strongswan-plugin-xauth-pam strongswan-pt-tls-client strongswan-tnc-ifmap strongswan-tnc-base strongswan-tnc-client strongswan-tnc-server strongswan-tnc-pdp strongswan-ikev1
strongswan-ikev2
Architecture: source
Version: 5.1.2-0ubuntu4
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
libstrongswan - strongSwan utility and crypto library
strongswan - IPsec VPN solution metapackage
strongswan-dbg - strongSwan library and binaries - debugging symbols
strongswan-ike - strongSwan Internet Key Exchange (v2) daemon
strongswan-ikev1 - strongswan IKEv1 daemon, transitional package
strongswan-ikev2 - strongswan IKEv2 daemon, transitional package
strongswan-nm - strongSwan charon for interaction with NetworkManager
strongswan-plugin-af-alg - strongSwan plugin for AF_ALG Linux crypto API interface
strongswan-plugin-agent - strongSwan plugin for accessing private keys via ssh-agent
strongswan-plugin-attr-sql - strongSwan plugin for providing IKE attributes from databases
strongswan-plugin-certexpire - strongSwan plugin for exporting expiration dates of certificates
strongswan-plugin-coupling - strongSwan plugin for permanent peer certificate coupling
strongswan-plugin-curl - strongSwan plugin for the libcurl based HTTP/FTP fetcher
strongswan-plugin-dhcp - strongSwan plugin for forwarding DHCP request to a server
strongswan-plugin-dnscert - strongSwan plugin for authentication via CERT RRs
strongswan-plugin-dnskey - strongSwan plugin for parsing RFC 4034 public keys
strongswan-plugin-duplicheck - strongSwan plugin for duplicheck functionality
strongswan-plugin-eap-aka - strongSwan plugin for generic EAP-AKA protocol handling
strongswan-plugin-eap-aka-3gpp2 - strongSwan plugin for the 3GPP2-based EAP-AKA backend
strongswan-plugin-eap-dynamic - strongSwan plugin for dynamic EAP method selection
strongswan-plugin-eap-gtc - strongSwan plugin for EAP-GTC protocol handler
strongswan-plugin-eap-md5 - strongSwan plugin for EAP-MD5 protocol handler
strongswan-plugin-eap-mschapv2 - strongSwan plugin for EAP-MSCHAPv2 protocol handler
strongswan-plugin-eap-peap - strongSwan plugin for EAP-PEAP protocol handler
strongswan-plugin-eap-radius - strongSwan plugin for EAP interface to a RADIUS server
strongswan-plugin-eap-sim - strongSwan plugin for generic EAP-SIM protocol handling
strongswan-plugin-eap-sim-file - strongSwan plugin for EAP-SIM credentials from files
strongswan-plugin-eap-sim-pcsc - strongSwan plugin for EAP-SIM credentials on smartcards
strongswan-plugin-eap-simaka-pseudonym - strongSwan plugin for the EAP-SIM/AKA identity database
strongswan-plugin-eap-simaka-reauth - strongSwan plugin for the EAP-SIM/AKA reauthentication database
strongswan-plugin-eap-simaka-sql - strongSwan plugin for SQL-based EAP-SIM/AKA backend reading
strongswan-plugin-eap-tls - strongSwan plugin for the EAP-TLS protocol handler
strongswan-plugin-eap-tnc - strongSwan plugin for the EAP-TNC protocol handler
strongswan-plugin-eap-ttls - strongSwan plugin for the EAP-TTLS protocol handler
strongswan-plugin-error-notify - strongSwan plugin for error notifications
strongswan-plugin-farp - strongSwan plugin for faking ARP responses
strongswan-plugin-fips-prf - strongSwan plugin for PRF specified by FIPS
strongswan-plugin-gcrypt - strongSwan plugin for gcrypt
strongswan-plugin-gmp - strongSwan plugin for libgmp based crypto
strongswan-plugin-ipseckey - strongSwan plugin for authentication via IPSECKEY RRs
strongswan-plugin-kernel-libipsec - strongSwan plugin for a IPsec backend that entirely in userland
strongswan-plugin-ldap - strongSwan plugin for LDAP CRL fetching
strongswan-plugin-led - strongSwan plugin for LEDs blinking on IKE activity
strongswan-plugin-load-tester - strongSwan plugin for load testing
strongswan-plugin-lookip - strongSwan plugin for lookip interface
strongswan-plugin-mysql - strongSwan plugin for MySQL
strongswan-plugin-ntru - strongSwan plugin for NTRU crypto
strongswan-plugin-openssl - strongSwan plugin for OpenSSL
strongswan-plugin-pgp - strongSwan plugin for PGP encoding/decoding routines
strongswan-plugin-pkcs11 - strongSwan plugin for PKCS#11 smartcard backend
strongswan-plugin-pubkey - strongSwan plugin for raw public keys
strongswan-plugin-radattr - strongSwan plugin for custom RADIUS attribute processing
strongswan-plugin-soup - strongSwan plugin for the libsoup based HTTP fetcher
strongswan-plugin-sql - strongSwan plugin for SQL configuration and credentials
strongswan-plugin-sqlite - strongSwan plugin for SQLite
strongswan-plugin-sshkey - strongSwan plugin for SSH key decoding routines
strongswan-plugin-systime-fix - strongSwan plugin for system time fixing
strongswan-plugin-unbound - strongSwan plugin for DNSSEC-enabled resolver using libunbound
strongswan-plugin-unity - strongSwan plugin for IKEv1 Cisco Unity Extensions
strongswan-plugin-whitelist - strongSwan plugin for peer-verification against a whitelist
strongswan-plugin-xauth-eap - strongSwan plugin for XAuth backend using EAP methods
strongswan-plugin-xauth-generic - strongSwan plugin for the generic XAuth backend
strongswan-plugin-xauth-noauth - strongSwan plugin for the generic XAuth backend
strongswan-plugin-xauth-pam - strongSwan plugin for XAuth backend using PAM
strongswan-pt-tls-client - strongSwan TLS-based Posture Transport (PT) protocol client
strongswan-starter - strongSwan daemon starter and configuration file parser
strongswan-tnc-base - strongSwan Trusted Network Connect's (TNC) - base files
strongswan-tnc-client - strongSwan Trusted Network Connect's (TNC) - client files
strongswan-tnc-ifmap - strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP clie
strongswan-tnc-pdp - strongSwan plugin for Trusted Network Connect's (TNC) PDP
strongswan-tnc-server - strongSwan Trusted Network Connect's (TNC) - server files
Changes:
strongswan (5.1.2-0ubuntu4) vivid; urgency=medium
.
* SECURITY UPDATE: denial of service via DH group 1025
- debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of
IKE DH range in src/libstrongswan/crypto/diffie_hellman.c,
src/libstrongswan/crypto/diffie_hellman.h.
- CVE-2014-9221
Checksums-Sha1:
c0904ecdbc2821998dfc6f93281165be50420f8b 8160 strongswan_5.1.2-0ubuntu4.dsc
59cc3b7740988b3c67bb65a28b3fcab3ea650f04 126856 strongswan_5.1.2-0ubuntu4.debian.tar.xz
Checksums-Sha256:
3c150900dcca8739d7d5d002777f71021ed737cc882b9c1d1a628be32db6c571 8160 strongswan_5.1.2-0ubuntu4.dsc
8021372afc7fb9f196428e4ae112a2a4a052ca16f4f40ada2b853821af65617d 126856 strongswan_5.1.2-0ubuntu4.debian.tar.xz
Files:
661f3686625926b50b827f70b77edc30 8160 net optional strongswan_5.1.2-0ubuntu4.dsc
ad7a0b15ba42b6a9677ec87fba805c8f 126856 net optional strongswan_5.1.2-0ubuntu4.debian.tar.xz
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUqpOnAAoJEGVp2FWnRL6TdrcP/iLTs3W6fR7uNjDUzGe7WlNN
BasZLYhBUFAT5gD+l/7WeyZKAdrbj23MvHJAEqmbqLdjwR+mL9f5j8cwsG+N4wV/
RHg/saGp406/q3nbCVoPOLa6m+QAJmhtvySv4YJW0LFOlpQjASvpo0xSuWfeunMy
hrhctKhUfKyZA5xxszEkr8SGsZ6+nL+oCzgkmZdv325/15vUQhOZ5+RlaqRCrOxy
bv6yRW/Ud6w3C2CZgjAFSv4Ws3D1CesiYHcVECmNSo8FjilwHtw7rF8cvw2GyRT4
67XOyhdqicdjMhMH+3tzNCIdCOfBW0apEQZpOrQUrFl6Gtv/3VqyL6gBTGAM6vP/
aS5GJRI1HI6UVYMrzHFdBlz1QhZJ5PQEymiRVbtFVH8Wh41e8tjVps5SvpY7GN46
Z17kyIWuhXEL8gbpDnJEVhewVTZmJPpu408Yk6zm5HLEM73hHIQZNxrlhze5gC1X
GFTJgMxbPc/sxDhp2yHCOs6b8FYeofkC4zEvocarMpC8nR2UzyT5XLrC9tHCVedi
YM2ctO9gi5klrPFcy58SnOlNwvuIs55EfR/LIPNePAFAGog4aXvh5ztKHo+4gWP6
jZSmy0SKK6qnhRphnydF5Rm9CNj0LSdhrZBAdeDC/MNQv/SmGyh9Rnctts/Aj5hD
8ChdtQgptOPjpzUC1SZ+
=xtsC
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list