Security News

Cybersecurity news aggregator

MEDIUM Updates Debian Security

DSA-6227-1 strongswan - security update

  • What: Security update for strongswan IKE/IPsec suite
  • Impact: Fixes multiple vulnerabilities in Debian

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6227-1] strongswan security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 22 Apr 2026 12:57:06 +0000
Message-id: <aejFogH4g9CFPrYe@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-6227-1                   security@debian.org
https://www.debian.org/security/                        Yves-Alexis Perez
April 22, 2026                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : strongswan
CVE ID         : CVE-2026-35328 CVE-2026-35329 CVE-2026-35330 CVE-2026-35331
                 CVE-2026-35332 CVE-2026-35333 CVE-2026-35334

Multiple vulnerabilities were fixed in strongSwan, an IKE/IPsec suite.

CVE-2026-35328

    A vulnerability in libtls related to the processing of the
    supported_versions extension in TLS that can result in an infinite
    loop.

CVE-2026-35329

    Vulnerabilities in libstrongswan and the pkcs7 plugin related to the
    processing of encrypted PKCS#7 containers that can result in a crash.

CVE-2026-35330

    A vulnerability in libsimaka related to the processing of certain
    EAP-SIM/AKA attributes that can result in an infinite loop or a
    heap-based buffer overflow and potentially remote code execution.

CVE-2026-35331

    A vulnerability in the constraints plugin related to the processing
    of X.509 name constraints that can allow authentication with
    certificates that violate the constraints.

CVE-2026-35332

    A vulnerability in libtls related to the processing of ECDH public
    values in TLS < 1.3 that can result in a crash.

CVE-2026-35333

    A vulnerability in libradius related to the processing of RADIUS
    attributes that can result in an infinite loop or an out-of-bounds
    read that may cause a crash.

CVE-2026-35334

    A vulnerability in the gmp plugin related to RSA decryption that can
    result in a crash.

For the oldstable distribution (bookworm), these problems have been fixed
in version 5.9.8-5+deb12u4.

For the stable distribution (trixie), these problems have been fixed in
version 6.0.1-6+deb13u5.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
