[Buildroot] [PATCH] strongswan: add upstream security patches

Peter Korsgaard peter at korsgaard.com
Thu Jun 1 14:40:46 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes:
 > CVE-2017-9022 - RSA public keys passed to the gmp plugin aren't
 > validated sufficiently before attempting signature verification, so that
 > invalid input might lead to a floating point exception and crash of the
 > process.  A certificate with an appropriately prepared public key sent by a
 > peer could be used for a denial-of-service attack.

 > https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html

 > CVE-2017-9023 - ASN.1 CHOICE types are not correctly handled by the ASN.1
 > parser when parsing X.509 certificates with extensions that use such types.
 > This could lead to infinite looping of the thread parsing a specifically
 > crafted certificate.

 > https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard

