
Debian alert DLA-4512-1 (strongswan)

From:  Thorsten Alteholz <debian@alteholz.de>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 4512-1] strongswan security update
Date:  Fri, 27 Mar 2026 18:21:41 +0000
Message-ID:  <27e054b9-7692-494-def7-d882f669de89@alteholz.de>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4512-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
March 27, 2026                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : strongswan
Version        : 5.9.1-1+deb11u6
CVE ID         : CVE-2026-25075

Kazuma Matsumoto discovered an integer overflow bug in the EAP-TTLS plugin
of strongSwan, an IKE/IPsec suite.
The EAP-TTLS plugin doesn't check the length field in the header of
attribute-value pairs (AVPs) tunneled in EAP-TTLS, which can cause an
integer underflow that may lead to a crash. An unauthenticated attacker
could exploit this for a DoS attack by sending a crafted message.

For Debian 11 bullseye, this problem has been fixed in version
5.9.1-1+deb11u6.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

