Added security info on CVE-2013-6075 and CVE-2013-6076

Andreas Steffen 2013-10-31 22:11:11 +01:00
parent 643da9d2e6
commit 7b8fbd7402
1 changed files with 9 additions and 0 deletions

NEWS

@ -1,6 +1,15 @@
strongswan-5.1.1
----------------
- Fixed a denial-of-service vulnerability and potential authorization bypass
triggered by a crafted ID_DER_ASN1_DN ID payload. The cause is an insufficient
length check when comparing such identities. The vulnerability has been
registered as CVE-2013-6075.
- Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
fragmentation payload. The cause is a NULL pointer dereference. The
vulnerability has been registered as CVE-2013-6076.
- The lean stand-alone pt-tls-client can set up a RFC 6876 PT-TLS session
with a strongSwan policy enforcement point which uses the tnc-pdp charon
plugin.
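
Review bot: The two new entries for CVE-2013-6075 and CVE-2013-6076 state the cause but not which earlier releases are affected or which configurations are exposed, so a packager reading NEWS cannot tell whether a backport is needed. Consider adding the affected version range to each entry. For the CVE-2013-6075 entry, say under which conditions the "potential authorization bypass" applies, as opposed to the denial of service. For the CVE-2013-6076 entry, say whether the crafted IKEv1 fragmentation payload is processed in a default configuration. A pointer to the corresponding advisory in each entry would also help readers who arrive from the CVE number.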