USN-2811-1: strongSwan vulnerability

16 November 2015

strongswan vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

strongSwan could be made to bypass authentication.

Software Description

  • strongswan - IPsec VPN solution

Details

It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10
strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu6.2
Ubuntu 15.04
strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu5.3
Ubuntu 14.04 LTS
strongswan-plugin-eap-mschapv2 - 5.1.2-0ubuntu2.4

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References