
Ubuntu alert USN-8196-2 (strongswan)

From:  noreply+usn-bot@canonical.com
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-8196-2] strongSwan vulnerabilities
Date:  Mon, 27 Apr 2026 13:37:53 +0000
Message-ID:  <E1wHM9p-0003VX-GV@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-8196-2
April 27, 2026

strongswan vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

Summary:

Several security issues were fixed in strongSwan.

Software Description:

Details:

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

Haruto Kimura discovered that strongSwan incorrectly handled the supported_versions extension in TLS. A remote attacker could possibly use this issue to cause strongSwan to stop responding, resulting in a denial of service. (CVE-2026-35328)

Haruto Kimura discovered that strongSwan incorrectly handled certain encrypted PKCS#7 containers. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35329)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled certain EAP-SIM/AKA attributes. A remote attacker could use this issue to cause strongSwan to stop responding, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-35330)

Haruto Kimura discovered that strongSwan incorrectly handled processing of X.509 name constraints. A remote attacker could possibly use this issue to bypass excluded name constraints. (CVE-2026-35331)

Haruto Kimura discovered that strongSwan incorrectly processed ECDH public values. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35332)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled certain RADIUS attributes. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35333)

Ryo Shimada discovered that strongSwan incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35334)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8196-2
  https://ubuntu.com/security/notices/USN-8196-1
  CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331,
  CVE-2026-35332, CVE-2026-35333, CVE-2026-35334


Attachment: signature.asc (type=application/pgp-signature)


