diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2018-10-01 22:30:25 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2018-10-01 22:30:25 +0200 |
| commit | 3001f2ed68bf2e519b197a0a33e9976177c002ae (patch) | |
| tree | f2605a4a10e5e13bd69ba5050155b83d3cfb73fd /NEWS | |
| parent | e0e280b7669435b991b7e457abd8aa450930b3e8 (diff) | |
| download | vyos-strongswan-3001f2ed68bf2e519b197a0a33e9976177c002ae.tar.gz vyos-strongswan-3001f2ed68bf2e519b197a0a33e9976177c002ae.zip | |
New upstream version 5.7.1
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,13 @@ +strongswan-5.7.1 +---------------- + +- Fixes a vulnerability in the gmp plugin triggered by crafted certificates with + RSA keys with very small moduli. When verifying signatures with such keys, + the code patched with the fix for CVE-2018-16151/2 caused an integer underflow + and subsequent heap buffer overflow that results in a crash of the daemon. + The vulnerability has been registered as CVE-2018-17540. + + strongswan-5.7.0 ---------------- |