[ubuntu/xenial-proposed] strongswan 5.1.2-0ubuntu7 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Nov 19 19:16:17 UTC 2015
strongswan (5.1.2-0ubuntu7) xenial; urgency=medium
* SECURITY UPDATE: authentication bypass in eap-mschapv2 plugin
- debian/patches/CVE-2015-8023.patch: only succeed authentication if
MSK was established in
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.
- CVE-2015-8023
* debian/patches/disable_ntru_test.patch: disable test causing FTBFS
until regression is properly investigated.
Date: Thu, 19 Nov 2015 14:00:17 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu7
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 19 Nov 2015 14:00:17 -0500
Source: strongswan
Binary: strongswan libstrongswan strongswan-dbg strongswan-starter strongswan-ike strongswan-nm strongswan-plugin-af-alg strongswan-plugin-agent strongswan-plugin-attr-sql strongswan-plugin-certexpire strongswan-plugin-coupling strongswan-plugin-curl strongswan-plugin-dhcp strongswan-plugin-dnscert strongswan-plugin-dnskey strongswan-plugin-duplicheck strongswan-plugin-eap-aka strongswan-plugin-eap-aka-3gpp2 strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-md5 strongswan-plugin-eap-mschapv2 strongswan-plugin-eap-peap strongswan-plugin-eap-radius strongswan-plugin-eap-sim strongswan-plugin-eap-sim-file strongswan-plugin-eap-sim-pcsc strongswan-plugin-eap-simaka-pseudonym strongswan-plugin-eap-simaka-reauth strongswan-plugin-eap-simaka-sql strongswan-plugin-eap-tls strongswan-plugin-eap-tnc strongswan-plugin-eap-ttls strongswan-plugin-error-notify strongswan-plugin-farp strongswan-plugin-fips-prf strongswan-plugin-gcrypt strongswan-plugin-gmp
strongswan-plugin-ipseckey strongswan-plugin-kernel-libipsec strongswan-plugin-ldap strongswan-plugin-led strongswan-plugin-load-tester strongswan-plugin-lookip strongswan-plugin-mysql strongswan-plugin-ntru strongswan-plugin-openssl strongswan-plugin-pgp strongswan-plugin-pkcs11 strongswan-plugin-pubkey strongswan-plugin-radattr strongswan-plugin-sql strongswan-plugin-sqlite strongswan-plugin-soup strongswan-plugin-sshkey strongswan-plugin-systime-fix strongswan-plugin-unbound strongswan-plugin-unity strongswan-plugin-whitelist strongswan-plugin-xauth-eap strongswan-plugin-xauth-generic strongswan-plugin-xauth-noauth strongswan-plugin-xauth-pam strongswan-pt-tls-client strongswan-tnc-ifmap strongswan-tnc-base strongswan-tnc-client strongswan-tnc-server strongswan-tnc-pdp strongswan-ikev1
strongswan-ikev2
Architecture: source
Version: 5.1.2-0ubuntu7
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libstrongswan - strongSwan utility and crypto library
strongswan - IPsec VPN solution metapackage
strongswan-dbg - strongSwan library and binaries - debugging symbols
strongswan-ike - strongSwan Internet Key Exchange (v2) daemon
strongswan-ikev1 - strongswan IKEv1 daemon, transitional package
strongswan-ikev2 - strongswan IKEv2 daemon, transitional package
strongswan-nm - strongSwan charon for interaction with NetworkManager
strongswan-plugin-af-alg - strongSwan plugin for AF_ALG Linux crypto API interface
strongswan-plugin-agent - strongSwan plugin for accessing private keys via ssh-agent
strongswan-plugin-attr-sql - strongSwan plugin for providing IKE attributes from databases
strongswan-plugin-certexpire - strongSwan plugin for exporting expiration dates of certificates
strongswan-plugin-coupling - strongSwan plugin for permanent peer certificate coupling
strongswan-plugin-curl - strongSwan plugin for the libcurl based HTTP/FTP fetcher
strongswan-plugin-dhcp - strongSwan plugin for forwarding DHCP request to a server
strongswan-plugin-dnscert - strongSwan plugin for authentication via CERT RRs
strongswan-plugin-dnskey - strongSwan plugin for parsing RFC 4034 public keys
strongswan-plugin-duplicheck - strongSwan plugin for duplicheck functionality
strongswan-plugin-eap-aka - strongSwan plugin for generic EAP-AKA protocol handling
strongswan-plugin-eap-aka-3gpp2 - strongSwan plugin for the 3GPP2-based EAP-AKA backend
strongswan-plugin-eap-dynamic - strongSwan plugin for dynamic EAP method selection
strongswan-plugin-eap-gtc - strongSwan plugin for EAP-GTC protocol handler
strongswan-plugin-eap-md5 - strongSwan plugin for EAP-MD5 protocol handler
strongswan-plugin-eap-mschapv2 - strongSwan plugin for EAP-MSCHAPv2 protocol handler
strongswan-plugin-eap-peap - strongSwan plugin for EAP-PEAP protocol handler
strongswan-plugin-eap-radius - strongSwan plugin for EAP interface to a RADIUS server
strongswan-plugin-eap-sim - strongSwan plugin for generic EAP-SIM protocol handling
strongswan-plugin-eap-sim-file - strongSwan plugin for EAP-SIM credentials from files
strongswan-plugin-eap-sim-pcsc - strongSwan plugin for EAP-SIM credentials on smartcards
strongswan-plugin-eap-simaka-pseudonym - strongSwan plugin for the EAP-SIM/AKA identity database
strongswan-plugin-eap-simaka-reauth - strongSwan plugin for the EAP-SIM/AKA reauthentication database
strongswan-plugin-eap-simaka-sql - strongSwan plugin for SQL-based EAP-SIM/AKA backend reading
strongswan-plugin-eap-tls - strongSwan plugin for the EAP-TLS protocol handler
strongswan-plugin-eap-tnc - strongSwan plugin for the EAP-TNC protocol handler
strongswan-plugin-eap-ttls - strongSwan plugin for the EAP-TTLS protocol handler
strongswan-plugin-error-notify - strongSwan plugin for error notifications
strongswan-plugin-farp - strongSwan plugin for faking ARP responses
strongswan-plugin-fips-prf - strongSwan plugin for PRF specified by FIPS
strongswan-plugin-gcrypt - strongSwan plugin for gcrypt
strongswan-plugin-gmp - strongSwan plugin for libgmp based crypto
strongswan-plugin-ipseckey - strongSwan plugin for authentication via IPSECKEY RRs
strongswan-plugin-kernel-libipsec - strongSwan plugin for a IPsec backend that entirely in userland
strongswan-plugin-ldap - strongSwan plugin for LDAP CRL fetching
strongswan-plugin-led - strongSwan plugin for LEDs blinking on IKE activity
strongswan-plugin-load-tester - strongSwan plugin for load testing
strongswan-plugin-lookip - strongSwan plugin for lookip interface
strongswan-plugin-mysql - strongSwan plugin for MySQL
strongswan-plugin-ntru - strongSwan plugin for NTRU crypto
strongswan-plugin-openssl - strongSwan plugin for OpenSSL
strongswan-plugin-pgp - strongSwan plugin for PGP encoding/decoding routines
strongswan-plugin-pkcs11 - strongSwan plugin for PKCS#11 smartcard backend
strongswan-plugin-pubkey - strongSwan plugin for raw public keys
strongswan-plugin-radattr - strongSwan plugin for custom RADIUS attribute processing
strongswan-plugin-soup - strongSwan plugin for the libsoup based HTTP fetcher
strongswan-plugin-sql - strongSwan plugin for SQL configuration and credentials
strongswan-plugin-sqlite - strongSwan plugin for SQLite
strongswan-plugin-sshkey - strongSwan plugin for SSH key decoding routines
strongswan-plugin-systime-fix - strongSwan plugin for system time fixing
strongswan-plugin-unbound - strongSwan plugin for DNSSEC-enabled resolver using libunbound
strongswan-plugin-unity - strongSwan plugin for IKEv1 Cisco Unity Extensions
strongswan-plugin-whitelist - strongSwan plugin for peer-verification against a whitelist
strongswan-plugin-xauth-eap - strongSwan plugin for XAuth backend using EAP methods
strongswan-plugin-xauth-generic - strongSwan plugin for the generic XAuth backend
strongswan-plugin-xauth-noauth - strongSwan plugin for the generic XAuth backend
strongswan-plugin-xauth-pam - strongSwan plugin for XAuth backend using PAM
strongswan-pt-tls-client - strongSwan TLS-based Posture Transport (PT) protocol client
strongswan-starter - strongSwan daemon starter and configuration file parser
strongswan-tnc-base - strongSwan Trusted Network Connect's (TNC) - base files
strongswan-tnc-client - strongSwan Trusted Network Connect's (TNC) - client files
strongswan-tnc-ifmap - strongSwan plugin for Trusted Network Connect's (TNC) IF-MAP clie
strongswan-tnc-pdp - strongSwan plugin for Trusted Network Connect's (TNC) PDP
strongswan-tnc-server - strongSwan Trusted Network Connect's (TNC) - server files
Changes:
strongswan (5.1.2-0ubuntu7) xenial; urgency=medium
.
* SECURITY UPDATE: authentication bypass in eap-mschapv2 plugin
- debian/patches/CVE-2015-8023.patch: only succeed authentication if
MSK was established in
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.
- CVE-2015-8023
* debian/patches/disable_ntru_test.patch: disable test causing FTBFS
until regression is properly investigated.
Checksums-Sha1:
8c2c89b1fba135eb00e6821264f82573fe23f911 8172 strongswan_5.1.2-0ubuntu7.dsc
881debd14793204f35629d17817363553d6e69d9 128820 strongswan_5.1.2-0ubuntu7.debian.tar.xz
Checksums-Sha256:
3daebc69b8d83d434fe6c4ba43069a625a06b8f51258f7c897a7ef4a9f36e5f0 8172 strongswan_5.1.2-0ubuntu7.dsc
f5d4e653489cca7ff44bb1d7f34bb3d5c578dd8705c8860ce839f5da0fbc68e8 128820 strongswan_5.1.2-0ubuntu7.debian.tar.xz
Files:
da1820e14c4226f23c083d0f8f7beb1a 8172 net optional strongswan_5.1.2-0ubuntu7.dsc
e63725dbb82ca11a503c619e5f4370d2 128820 net optional strongswan_5.1.2-0ubuntu7.debian.tar.xz
Original-Maintainer: strongSwan Maintainers <pkg-swan-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWTh6RAAoJEGVp2FWnRL6TwiwP+gPo9jy7Nmj3x3Eqg5MvGOIn
zW1wFbnhts0BbUsnHg37sEMNgUo0ZtrFHpsRBWS84W3Cn/XQ0owwT+MxSDJ7a0aA
2oPkKM/GtzJO6ByZVwyIaPC9yzv4em68qg9XakoGStzl4Dq+s9VMYTbrOJ/vzs6g
6UzDrAKmKVFDgYFlRQlEcrI9vzU2Xm4TBKFgQyypX/sv6eGdynGUBUPS6YmfaRMW
zNCXaS1LClVHuysaCV7pSK8e5HvCF8THmwNktNbxkaAyPDp6K4n9PxU7OuAcQk4c
xRmODzgW7SmnCf1v9QNFDaYXhOnXbdvTmk3x0P4pWwtfj0H7SkNxXQC2MZ+Z5vLp
f0aENUbOae1YPQtsjC0nSnHBqEf9qnPgwsekgtpMaZLhmu7Izy4XjqJeKIQlVRAL
SBG+lDdCYPi4I460YU3XOxe/sKeVvGElyyvdUeMBklSZK9ZKLPlNlFBxLu0OeGbi
jriNZDk9oNtr9MULZn4T+0eWQaNWG4KC3azdiH4qWPNL4MsTTNtUkDJS92VYil2O
St9tXRDBUNLufTnRjX2k2LaYiw1o72J84bLWygND2oZh5SAML4z9jklEW8qYTF+A
rLpJ7yI9NpIMtwIrnqD1x6wsZ33AJxgIf1pXKx+I7Q4m5Ab/CgHG2gcuZrZC7GoB
URG0s8Zv449v29EBIiLr
=U3tJ
-----END PGP SIGNATURE-----
More information about the Xenial-changes
mailing list