Security update for strongswan

SUSE Security Update: Security update for strongswan

---

Announcement ID:	SUSE-SU-2015:1228-1
Rating:	moderate
References:	#876449 #933591
Affected Products:	SUSE Linux Enterprise Server 10 SP4 LTSS

---

An update that fixes two vulnerabilities is now available.

Description:

strongswan was updated to fix two security issues:

• An issue that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. (CVE-2015-4171)
• A bug in decoding ID_DER_ASN1_DN ID payloads that could be used for remote denial of service attacks. (CVE-2014-2891)

Security Issues:

• CVE-2015-4171
• CVE-2014-2891

Package List:

• SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
  • strongswan-4.4.0-6.19.1
  • strongswan-doc-4.4.0-6.19.1

References:

• https://www.suse.com/security/cve/CVE-2014-2891.html
• https://www.suse.com/security/cve/CVE-2015-4171.html
• https://bugzilla.suse.com/876449
• https://bugzilla.suse.com/933591
• https://download.suse.com/patch/finder/?keywords=98e26dc2a1696d47c59ab9aa31ce0c35