Security update for strongswan SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:14887-1 Final 1 1 2022-02-18T09:39:04Z current 2022-02-18T09:39:04Z 2022-02-18T09:39:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for strongswan This update for strongswan fixes the following issues: - CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874) - CVE-2018-17540: Fixed insufficient input validation in gmp plugin. (bsc#1109845) - CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-strongswan-14887,slessp4-strongswan-14887 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/ Link for SUSE-SU-2022:14887-1 https://lists.suse.com/pipermail/sle-security-updates/2022-February/010262.html E-Mail link for SUSE-SU-2022:14887-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1107874 SUSE Bug 1107874 https://bugzilla.suse.com/1109845 SUSE Bug 1109845 https://bugzilla.suse.com/1194471 SUSE Bug 1194471 https://www.suse.com/security/cve/CVE-2018-16151/ SUSE CVE CVE-2018-16151 page https://www.suse.com/security/cve/CVE-2018-16152/ SUSE CVE CVE-2018-16152 page https://www.suse.com/security/cve/CVE-2018-17540/ SUSE CVE CVE-2018-17540 page https://www.suse.com/security/cve/CVE-2021-45079/ SUSE CVE CVE-2021-45079 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP4-LTSS strongswan-4.4.0-6.36.12.1 strongswan-doc-4.4.0-6.36.12.1 strongswan-4.4.0-6.36.12.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 strongswan-doc-4.4.0-6.36.12.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 strongswan-4.4.0-6.36.12.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS strongswan-doc-4.4.0-6.36.12.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. CVE-2018-16151 SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-4.4.0-6.36.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-doc-4.4.0-6.36.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-4.4.0-6.36.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-doc-4.4.0-6.36.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/ https://www.suse.com/security/cve/CVE-2018-16151.html CVE-2018-16151 https://bugzilla.suse.com/1107874 SUSE Bug 1107874 https://bugzilla.suse.com/1109845 SUSE Bug 1109845 In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. CVE-2018-16152 SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-4.4.0-6.36.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-doc-4.4.0-6.36.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-4.4.0-6.36.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-doc-4.4.0-6.36.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/ https://www.suse.com/security/cve/CVE-2018-16152.html CVE-2018-16152 https://bugzilla.suse.com/1107874 SUSE Bug 1107874 The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. CVE-2018-17540 SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-4.4.0-6.36.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-doc-4.4.0-6.36.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-4.4.0-6.36.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-doc-4.4.0-6.36.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/ https://www.suse.com/security/cve/CVE-2018-17540.html CVE-2018-17540 https://bugzilla.suse.com/1107874 SUSE Bug 1107874 https://bugzilla.suse.com/1109845 SUSE Bug 1109845 In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. CVE-2021-45079 SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-4.4.0-6.36.12.1 SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-doc-4.4.0-6.36.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-4.4.0-6.36.12.1 SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-doc-4.4.0-6.36.12.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/ https://www.suse.com/security/cve/CVE-2021-45079.html CVE-2021-45079 https://bugzilla.suse.com/1194471 SUSE Bug 1194471