Security update for strongswan
SUSE Security Update: Security update for strongswan
Announcement ID: | SUSE-SU-2015:1228-1 |
Rating: | moderate |
References: | #876449 #933591 |
Affected Products: |
An update that fixes two vulnerabilities is now available.
Description:
strongswan was updated to fix two security issues:
- An issue that could enable rogue servers to gain user credentials from a client in certain IKEv2 setups. (CVE-2015-4171)
- A bug in decoding ID_DER_ASN1_DN ID payloads that could be used for remote denial of service attacks. (CVE-2014-2891)
Security Issues:
Package List:
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
- strongswan-4.4.0-6.19.1
- strongswan-doc-4.4.0-6.19.1