NEWS: Add info about CVE-2018-17540

2018-10-01 10:26:08 +02:00 · 2018-10-01 10:26:08 +02:00 · 291c1acd4b
parent 129ab919a8
commit 291c1acd4b
1 changed files with 10 additions and 0 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+strongswan-5.7.1
+----------------
+
+- Fixes a vulnerability in the gmp plugin triggered by crafted certificates with
+  RSA keys with very small moduli.  When verifying signatures with such keys,
+  the code patched with the fix for CVE-2018-16151/2 caused an integer underflow
+  and subsequent heap buffer overflow that results in a crash of the daemon.
+  The vulnerability has been registered as CVE-2018-17540.
+
+
 strongswan-5.7.0
 ----------------