From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 76F84CE7A8B for ; Sun, 24 Sep 2023 21:35:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 24A18415F4; Sun, 24 Sep 2023 21:35:55 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 24A18415F4 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lGigEpFsvajo; Sun, 24 Sep 2023 21:35:54 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id 38A6541719; Sun, 24 Sep 2023 21:35:53 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 38A6541719 Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 3780A1BF2CC for ; Sun, 24 Sep 2023 21:35:52 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 118516076C for ; Sun, 24 Sep 2023 21:35:52 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 118516076C X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V9RC3bD8WkjE for ; Sun, 24 Sep 2023 21:35:51 +0000 (UTC) Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by smtp3.osuosl.org (Postfix) with ESMTPS id D316360093 for ; Sun, 24 Sep 2023 21:35:50 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org D316360093 Received: by mail.gandi.net (Postfix) with ESMTPSA id 7DCEFE0003; Sun, 24 Sep 2023 21:35:47 +0000 (UTC) Received: from peko by dell.be.48ers.dk with local (Exim 4.94.2) (envelope-from ) id 1qkWlW-001yhB-TF; Sun, 24 Sep 2023 23:35:46 +0200 From: Peter Korsgaard To: Fabrice Fontaine References: <20230917120613.63980-1-fontaine.fabrice@gmail.com> Date: Sun, 24 Sep 2023 23:35:46 +0200 In-Reply-To: <20230917120613.63980-1-fontaine.fabrice@gmail.com> (Fabrice Fontaine's message of "Sun, 17 Sep 2023 14:06:13 +0200") Message-ID: <877coffe4t.fsf@48ers.dk> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 X-GND-Sasl: peter@korsgaard.com Subject: Re: [Buildroot] [PATCH 1/1] package/strongswan: security bump to version 5.9.11 X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?B?SsOpcsO0bWU=?= Pouiller , buildroot@buildroot.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" >>>>> "Fabrice" == Fabrice Fontaine writes: > Fix CVE-2023-26463: strongSwan 5.9.8 and 5.9.9 potentially allows remote > code execution because it uses a variable named "public" for two > different purposes within the same function. There is initially > incorrect access control, later followed by an expired pointer > dereference. One attack vector is sending an untrusted client > certificate during EAP-TLS. A server is affected only if it loads > plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, > EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. > https://github.com/strongswan/strongswan/blob/5.9.11/NEWS > https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html > Signed-off-by: Fabrice Fontaine Committed to 2023.02.x, 2023.05.x and 2023.08.x, thanks. -- Bye, Peter Korsgaard _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot