Debian alert DSA-6041-1 (strongswan)
From: Salvatore Bonaccorso <carnil@debian.org>
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6041-1] strongswan security update
Date: Mon, 27 Oct 2025 16:15:35 +0000
Message-ID: <E1vDPsd-00BTrm-2q@seger.debian.org>

-------------------------------------------------------------------------
Debian Security Advisory DSA-6041-1                   security@debian.org
https://www.debian.org/security/                       Yves-Alexis Perez
October 27, 2025                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : strongswan
CVE ID         : CVE-2025-62291

Xu Biang discovered a buffer overflow bug in the eap-mschapv2 plugin of
strongSwan, an IKE/IPsec suite.

The eap-mschapv2 plugin doesn't correctly check the length of an
EAP-MSCHAPv2 Failure Request packet on the client, which can cause an
integer underflow that leads to a crash, and a heap-based buffer overflow
that's potentially exploitable for remote code execution.

For the oldstable distribution (bookworm), this problem has been fixed
in version 5.9.8-5+deb12u2.

For the stable distribution (trixie), this problem has been fixed in
version 6.0.1-6+deb13u2.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
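
The bug class the advisory describes (a missing length check before an unsigned subtraction), shown as an added C illustration; it is not strongSwan's code or the actual patch. The 9-byte header layout, the function names and the sample packet are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, not strongSwan's structs: EAP code(1) id(1) length(2)
 * type(1), then MS-CHAPv2 opcode(1) id(1) ms-length(2), then the message. */
#define HDR_LEN 9u
#define OPCODE_FAILURE 4u

/* The unguarded pattern: unsigned subtraction wraps when pkt_len < HDR_LEN. */
size_t unchecked_msg_len(size_t pkt_len)
{
    return pkt_len - HDR_LEN;
}

/* Guarded parse: copies the message into out; returns its length or -1. */
int copy_failure_message(const uint8_t *pkt, size_t pkt_len,
                         char *out, size_t out_size)
{
    if (pkt_len < HDR_LEN)                 /* reject before subtracting */
        return -1;
    size_t eap_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (eap_len != pkt_len)                /* length field must match bytes received */
        return -1;
    if (pkt[5] != OPCODE_FAILURE)
        return -1;
    size_t msg_len = pkt_len - HDR_LEN;    /* cannot wrap after the check above */
    if (msg_len >= out_size)               /* leave room for the terminator */
        return -1;
    memcpy(out, pkt + HDR_LEN, msg_len);
    out[msg_len] = '\0';
    return (int)msg_len;
}

/* Constructed sample packet: Failure Request carrying "E=691 R=0". */
static const uint8_t sample_ok[] = {
    0x01, 0x07, 0x00, 0x12, 0x1a, 0x04, 0x07, 0x00, 0x0d,
    'E', '=', '6', '9', '1', ' ', 'R', '=', '0'
};

int main(void)
{
    char msg[64];
    int n = copy_failure_message(sample_ok, sizeof(sample_ok), msg, sizeof(msg));
    printf("full packet: %d bytes, \"%s\"\n", n, msg);
    printf("8-byte packet: unchecked length %zu, guarded result %d\n",
           unchecked_msg_len(8), copy_failure_message(sample_ok, 8, msg, sizeof(msg)));
    return 0;
}
```

A wrapped length of this size, used as an allocation or copy size, is how a short packet turns into the crash or heap overflow the advisory mentions; the guarded function rejects the packet before any arithmetic on its length.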
