[ubuntu/wily-proposed] strongswan 5.1.2-0ubuntu6 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Jun 8 17:10:17 UTC 2015
strongswan (5.1.2-0ubuntu6) wily; urgency=medium
* SECURITY UPDATE: user credential disclosure to rogue servers
- debian/patches/CVE-2015-4171.patch: enforce remote authentication
config before proceeding with own authentication in
src/libcharon/sa/ikev2/tasks/ike_auth.c.
- CVE-2015-4171
* debian/rules: don't FTBFS from unused service file
Date: Mon, 08 Jun 2015 12:50:38 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu6
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 08 Jun 2015 12:50:38 -0400
Source: strongswan
Binary: strongswan libstrongswan strongswan-dbg strongswan-starter strongswan-ike strongswan-nm strongswan-plugin-af-alg strongswan-plugin-agent strongswan-plugin-attr-sql strongswan-plugin-certexpire strongswan-plugin-coupling strongswan-plugin-curl strongswan-plugin-dhcp strongswan-plugin-dnscert strongswan-plugin-dnskey strongswan-plugin-duplicheck strongswan-plugin-eap-aka strongswan-plugin-eap-aka-3gpp2 strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-md5 strongswan-plugin-eap-mschapv2 strongswan-plugin-eap-peap strongswan-plugin-eap-radius strongswan-plugin-eap-sim strongswan-plugin-eap-sim-file strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-eap-simaka-reauth strongswan-plugin-eap-simaka-sql strongswan-plugin-eap-tls strongswan-plugin-eap-tnc strongswan-plugin-eap-ttls strongswan-plugin-error-notify strongswan-plugin-farp strongswan-plugin-fips-prf strongswan-plugin-gcrypt strongswan-plugin-gmp
strongswan-plugin-ipseckey strongswan-plugin-kernel-libipsec strongswan-plugin-ldap strongswan-plugin-led strongswan-plugin-load-tester strongswan-plugin-lookip strongswan-plugin-mysql strongswan-plugin-ntru strongswan-plugin-openssl strongswan-plugin-pgp strongswan-plugin-pkcs11 strongswan-plugin-pubkey strongswan-plugin-radattr strongswan-plugin-sql strongswan-plugin-sqlite strongswan-plugin-soup strongswan-plugin-sshkey strongswan-plugin-systime-fix strongswan-plugin-unbound strongswan-plugin-unity strongswan-plugin-whitelist strongswan-plugin-xauth-eap strongswan-plugin-xauth-generic strongswan-plugin-xauth-noauth strongswan-plugin-xauth-pam strongswan-pt-tls-client strongswan-tnc-ifmap strongswan-tnc-base strongswan-tnc-client strongswan-tnc-server strongswan-tnc-pdp strongswan-ikev1
strongswan-ikev2
Architecture: source
Version: 5.1.2-0ubuntu6
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libstrongswan - strongSwan utility and crypto library
strongswan - IPsec VPN solution metapackage
strongswan-dbg - strongSwan library and binaries - debugging symbols
strongswan-ike - strongSwan Internet Key Exchange (v2) daemon
strongswan-ikev1 - strongswan IKEv1 daemon, transitional package
strongswan-ikev2 - strongswan IKEv2 daemon, transitional package
strongswan-nm - strongSwan charon for interaction with NetworkManager
strongswan-plugin-af-alg - strongSwan plugin for AF_ALG Linux crypto API interface
strongswan-plugin-agent - strongSwan plugin for accessing private keys via ssh-agent
strongswan-plugin-attr-sql - strongSwan plugin for providing IKE attributes from databases
strongswan-plugin-certexpire - strongSwan plugin for exporting expiration dates of certificates
strongswan-plugin-coupling - strongSwan plugin for permanent peer certificate coupling
strongswan-plugin-curl - strongSwan plugin for the libcurl based HTTP/FTP fetcher
strongswan-plugin-dhcp - strongSwan plugin for forwarding DHCP request to a server
strongswan-plugin-dnscert - strongSwan plugin for authentication via CERT RRs
strongswan-plugin-dnskey - strongSwan plugin for parsing RFC 4034 public keys
strongswan-plugin-duplicheck - strongSwan plugin for duplicheck functionality
strongswan-plugin-eap-aka - strongSwan plugin for generic EAP-AKA protocol handling
strongswan-plugin-eap-aka-3gpp2 - strongSwan plugin for the 3GPP2-based EAP-AKA backend
strongswan-plugin-eap-dynamic - strongSwan plugin for dynamic EAP method selection
strongswan-plugin-eap-gtc - strongSwan plugin for EAP-GTC protocol handler
strongswan-plugin-eap-md5 - strongSwan plugin for EAP-MD5 protocol handler
strongswan-plugin-eap-mschapv2 - strongSwan plugin for EAP-MSCHAPv2 protocol handler
strongswan-plugin-eap-peap - strongSwan plugin for EAP-PEAP protocol handler
strongswan-plugin-eap-radius - strongSwan plugin for EAP interface to a RADIUS server
strongswan-plugin-eap-sim - strongSwan plugin for generic EAP-SIM protocol handling
strongswan-plugin-eap-sim-file - strongSwan plugin for EAP-SIM credentials from files
strongswan-plugin-eap-sim-pcsc - strongSwan plugin for EAP-SIM credentials on smartcards
strongswan-plugin-eap-simaka-pseudonym - strongSwan plugin for the EAP-SIM/AKA identity database
strongswan-plugin-eap-simaka-reauth - strongSwan plugin for the EAP-SIM/AKA reauthentication database
strongswan-plugin-eap-simaka-sql - strongSwan plugin for SQL-based EAP-SIM/AKA backend reading
strongswan-plugin-eap-tls - strongSwan plugin for the EAP-TLS protocol handler
strongswan-plugin-eap-tnc - strongSwan plugin for the EAP-TNC protocol handler
strongswan-plugin-eap-ttls - strongSwan plugin for the EAP-TTLS protocol handler
strongswan-plugin-error-notify - strongSwan plugin for error notifications
strongswan-plugin-farp - strongSwan plugin for faking ARP responses
strongswan-plugin-fips-prf - strongSwan plugin for PRF specified by FIPS
strongswan-plugin-gcrypt - strongSwan plugin for gcrypt
strongswan-plugin-gmp - strongSwan plugin for libgmp based crypto
strongswan-plugin-ipseckey - strongSwan plugin for authentication via IPSECKEY RRs
strongswan-plugin-kernel-libipsec - strongSwan plugin for a IPsec backend that entirely in userland
strongswan-plugin-ldap - strongSwan plugin for LDAP CRL fetching
strongswan-plugin-led - strongSwan plugin for LEDs blinking on IKE activity
strongswan-plugin-load-tester - strongSwan plugin for load testing
strongswan-plugin-lookip - strongSwan plugin for lookip interface
strongswan-plugin-mysql - strongSwan plugin for MySQL
strongswan-plugin-ntru - strongSwan plugin for NTRU crypto
strongswan-plugin-openssl - strongSwan plugin for OpenSSL
strongswan-plugin-pgp - strongSwan plugin for PGP encoding/decoding routines
strongswan-plugin-pkcs11 - strongSwan plugin for PKCS#11 smartcard backend
strongswan-plugin-pubkey - strongSwan plugin for raw public keys
strongswan-plugin-radattr - strongSwan plugin for custom RADIUS attribute processing
strongswan-plugin-soup - strongSwan plugin for the libsoup based HTTP fetcher
strongswan-plugin-sql - strongSwan plugin for SQL configuration and credentials
strongswan-plugin-sqlite - strongSwan plugin for SQLite
strongswan-plugin-sshkey - strongSwan plugin for SSH key decoding routines
strongswan-plugin-systime-fix - strongSwan plugin for system time fixing
strongswan-plugin-unbound - strongSwan plugin for DNSSEC-enabled resolver using libunbound
strongswan-plugin-unity - strongSwan plugin for IKEv1 Cisco Unity Extensions
strongswan-plugin-whitelist - strongSwan plugin for peer-verification against a whitelist
strongswan-plugin-xauth-eap - strongSwan plugin for XAuth backend using EAP methods
strongswan-plugin-xauth-generic - strongSwan plugin for the generic XAuth backend
strongswan-plugin-xauth-noauth - strongSwan plugin for the generic XAuth backend
strongswan-plugin-xauth-pam - strongSwan plugin for XAuth backend using PAM
strongswan-pt-tls-client - strongSwan TLS-based Posture Transport (PT) protocol client
strongswan-starter - strongSwan daemon starter and configuration file parser
strongswan-tnc-base - strongSwan Trusted Network Connect's (TNC) - base files
strongswan-tnc-client - strongSwan Trusted Network Connect's (TNC) - client files
strongswan-tnc-ifmap - strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP clie
strongswan-tnc-pdp - strongSwan plugin for Trusted Network Connect's (TNC) PDP
strongswan-tnc-server - strongSwan Trusted Network Connect's (TNC) - server files
Changes:
strongswan (5.1.2-0ubuntu6) wily; urgency=medium
.
* SECURITY UPDATE: user credential disclosure to rogue servers
- debian/patches/CVE-2015-4171.patch: enforce remote authentication
config before proceeding with own authentication in
src/libcharon/sa/ikev2/tasks/ike_auth.c.
- CVE-2015-4171
* debian/rules: don't FTBFS from unused service file
Checksums-Sha1:
be2752033cc39cbbe65585202d5b239e3c09970a 8172 strongswan_5.1.2-0ubuntu6.dsc
5c0f3fc82906efefac9ed6764f7834ba9176ed9d 128168 strongswan_5.1.2-0ubuntu6.debian.tar.xz
Checksums-Sha256:
7e952e984373c87c516d4deb22bc514f5b3b8c81da77e9dc6ea2ee13890ff5b7 8172 strongswan_5.1.2-0ubuntu6.dsc
34234a79780054b95be607cd2ab31f34848f533dc9a2ea77eba6e7b8db3d8e59 128168 strongswan_5.1.2-0ubuntu6.debian.tar.xz
Files:
0d4ba5dee39019205cd238927a1bfd9e 8172 net optional strongswan_5.1.2-0ubuntu6.dsc
f3a3a9de5dd09fabe85780854d52f627 128168 net optional strongswan_5.1.2-0ubuntu6.debian.tar.xz
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVdcrGAAoJEGVp2FWnRL6T7o4QALrDa+S1IzN975uWIWOjfdTL
2c4l9YVfwKPza+42fg7clVWIMsO3xp1m+Rpp8QBS/vFS9kFDPIjkg+1EdBPPK26J
+OalU1qGXTpWvz87O305WmAMnWtsa+DUksMSnnJKqhcr3z+uYt9jUwZqE9c9cydJ
qWumnHv3259w144rQPyQ249L7Mgih5dhItw4wIgcclAhtCWeMtHelHE0O6NdFRH/
u5KL+qeTB//VTfKUGVV3TEW1xEgGowuUtYvNVpDuG/JUC7i1aTzQTcUJQplgar1p
DA2/38U3caFyO1ENhf5X/r/BPYqtOchaDkDq2evsj+INp55OrunGjmCZGgBJCmF/
I9pWeLwcxrY+2ww20yBb8hKSzYowo1ckn3xpS+qa5NxcYMZo+99j2cxYFAYqgoIw
nQR5ch0te31Rx8tHDfZFDiKd+XiQSrszF8X4TJu9khWhBPRPQbv2KgDNqyWezBp9
Fa7Ove8MBJYcCjJgeqsuytQ+7ustHxPPdUPJIMyx9qywR+AZP71yBkwIsCN960k4
kC/2l5uEj/M/OqbeLuiT63FDEsJbbjB7nO43Smxfqo+tEF3rc4BP3lFYHqMfMuhF
LedGQ9y6q3kEGmhd/thkGqchgYk3F9yULs3SVmu6Dqrl/gdP08m41yf1HCiTfTcu
2nzUEntux/4QW1EhwQI3
=Tyx4
-----END PGP SIGNATURE-----
More information about the Wily-changes
mailing list