drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in strongSwan
Name: |
Mangelnde Rechteprüfung in strongSwan |
|
ID: |
USN-2811-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 15.04, Ubuntu 15.10 |
|
Datum: |
Mo, 16. November 2015, 22:48 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8023 |
|
Applikationen: |
strongSwan |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6653432967523244296== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="htU96uQaRG6rgscG4tmC2Q3MxEVqnPdqg"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --htU96uQaRG6rgscG4tmC2Q3MxEVqnPdqg Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2811-1 November 16, 2015
strongswan vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10 - Ubuntu 15.04 - Ubuntu 14.04 LTS
Summary:
strongSwan could be made to bypass authentication.
Software Description: - strongswan: IPsec VPN solution
Details:
It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: strongswan-plugin-eap-mschapv2 5.1.2-0ubuntu6.2
Ubuntu 15.04: strongswan-plugin-eap-mschapv2 5.1.2-0ubuntu5.3
Ubuntu 14.04 LTS: strongswan-plugin-eap-mschapv2 5.1.2-0ubuntu2.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2811-1 CVE-2015-8023
Package Information: https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu6.2 https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu5.3 https://launchpad.net/ubuntu/+source/strongswan/5.1.2-0ubuntu2.4
--htU96uQaRG6rgscG4tmC2Q3MxEVqnPdqg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJWSiehAAoJEGVp2FWnRL6Tl68P/iuyJfnxPBH6Jp+exGigBgYh mURCBNZqFAr/8xzYR4oGrb/EXN1NsnPUUDUVVdqO3j7Z1L7ljEB3YkcCiMSjeYpN uIpQfTqVB+0ci3He4qsHL/yCuvhJXMPhoXkIpYrz64Bq0GAkIYmWSm0+QJWXMBim lSljW3IPTdHrhL795EDXejbzCkeBDhfE5GRS6f0c8ps7TGi2BqLM2jd+mUS5+oLI YUkvgcdiBDC3axW8kBGkRqjzf3eF9QjkTGWX9O/5V8H8heV8V7oM1LRtwFt1PYNp 7Wqp4JRF06ShNjOTBGqCp+bypw3lUz6AqH8QSF60tYKSgHWGDYqcLF+7/fVoMf/X 4Q4LO5EfHudrq38bZdBVF4n4r1KZ8Sw4xUjgfkTdl375fHRBUVxA/3B9R3/gRGxA cB8ayCPk7BMJcbDLuBeMTUn/BIgeQ3vdKj9JLeQ7k8+ttj2ReaHcmyyJuDZsMyA1 OUMoY6Cbq/3c2ym0ZCvhQochMZOyiEYklJ1dhSRO4ygKjYX8T5qy7cigVCTPgtoW F3o07a6HU5lAPgtI3t5K6qqJgoiNICxKfwfLH+P9tf6VdIRSzS7U9B8tHpmyJGv/ ey9OmKcXQPz+MANA6jJ23iLXF1BEGW5thQaq0rRkunjWj/LFYh6P3RVdxLUNf3hO 8HkWOztoqW3BCESTtaQj =WLOK -----END PGP SIGNATURE-----
--htU96uQaRG6rgscG4tmC2Q3MxEVqnPdqg--
--===============6653432967523244296== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6653432967523244296==--
|
|
|
|