Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in strongSwan
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in strongSwan
ID: USN-2811-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 15.04, Ubuntu 15.10
Datum: Mo, 16. November 2015, 22:48
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8023
Applikationen: strongSwan

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6653432967523244296==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="htU96uQaRG6rgscG4tmC2Q3MxEVqnPdqg"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--htU96uQaRG6rgscG4tmC2Q3MxEVqnPdqg
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2811-1
November 16, 2015

strongswan vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS

Summary:

strongSwan could be made to bypass authentication.

Software Description:
- strongswan: IPsec VPN solution

Details:

It was discovered that the strongSwan eap-mschapv2 plugin incorrectly
handled state. A remote attacker could use this issue to bypass
authentication.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.10:
strongswan-plugin-eap-mschapv2 5.1.2-0ubuntu6.2

Ubuntu 15.04:
strongswan-plugin-eap-mschapv2 5.1.2-0ubuntu5.3

Ubuntu 14.04 LTS:
strongswan-plugin-eap-mschapv2 5.1.2-0ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2811-1
CVE-2015-8023

Package Information:
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu6.2
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu5.3
https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu2.4



--htU96uQaRG6rgscG4tmC2Q3MxEVqnPdqg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWSiehAAoJEGVp2FWnRL6Tl68P/iuyJfnxPBH6Jp+exGigBgYh
mURCBNZqFAr/8xzYR4oGrb/EXN1NsnPUUDUVVdqO3j7Z1L7ljEB3YkcCiMSjeYpN
uIpQfTqVB+0ci3He4qsHL/yCuvhJXMPhoXkIpYrz64Bq0GAkIYmWSm0+QJWXMBim
lSljW3IPTdHrhL795EDXejbzCkeBDhfE5GRS6f0c8ps7TGi2BqLM2jd+mUS5+oLI
YUkvgcdiBDC3axW8kBGkRqjzf3eF9QjkTGWX9O/5V8H8heV8V7oM1LRtwFt1PYNp
7Wqp4JRF06ShNjOTBGqCp+bypw3lUz6AqH8QSF60tYKSgHWGDYqcLF+7/fVoMf/X
4Q4LO5EfHudrq38bZdBVF4n4r1KZ8Sw4xUjgfkTdl375fHRBUVxA/3B9R3/gRGxA
cB8ayCPk7BMJcbDLuBeMTUn/BIgeQ3vdKj9JLeQ7k8+ttj2ReaHcmyyJuDZsMyA1
OUMoY6Cbq/3c2ym0ZCvhQochMZOyiEYklJ1dhSRO4ygKjYX8T5qy7cigVCTPgtoW
F3o07a6HU5lAPgtI3t5K6qqJgoiNICxKfwfLH+P9tf6VdIRSzS7U9B8tHpmyJGv/
ey9OmKcXQPz+MANA6jJ23iLXF1BEGW5thQaq0rRkunjWj/LFYh6P3RVdxLUNf3hO
8HkWOztoqW3BCESTtaQj
=WLOK
-----END PGP SIGNATURE-----

--htU96uQaRG6rgscG4tmC2Q3MxEVqnPdqg--


--===============6653432967523244296==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6653432967523244296==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung