Blog

Release and vulnerability announcements for strongSwan

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected.

A vulnerability related to online certificate revocation checking was discovered in strongSwan that can lead to a denial-of-service attack. All versions may be affected.

A vulnerability in the EAP client implementation was discovered in strongSwan. All versions since 4.1.2 are affected.

A denial-of-service vulnerability in the in-memory certificate cache was discovered in strongSwan. All versions since 4.2.10 are affected.

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions since 5.6.1 are affected.

We are happy to announce the release of strongSwan 5.7.2, which brings automatic signature scheme selection for TPM 2.0, updates for RADIUS and crypto plugins, dynamic paths for swanctl, and several other new features and fixes.

strongSwan 5.7.1 fixes a denial-of-service vulnerability in last week's 5.7.0 release and the patch for the vulnerability that was fixed with it.

A denial-of-service vulnerability in the gmp plugin was discovered in strongSwan. All versions patched with the fix for CVE-2018-16151/2 are affected.