Fedora Linux 8810 Published by

A strongswan security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: strongswan-5.9.4-1.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-95fab6a482
2021-10-29 22:48:33.394648
--------------------------------------------------------------------------------

Name : strongswan
Product : Fedora 35
Version : 5.9.4
Release : 1.fc35
URL :   http://www.strongswan.org/
Summary : An OpenSource IPsec-based VPN and TNC solution
Description :
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key
exchange protocols in conjunction with the native NETKEY IPsec stack of the
Linux kernel.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2021-41990 and CVE-2021-41991
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2021 Paul Wouters - 5.9.4-1
- Resolves: rhbz#2015165 strongswan-5.9.4 is available
- Resolves: rhbz#2015611 CVE-2021-41990 strongswan: gmp plugin: integer overflow via a crafted certificate with an RSASSA-PSS signature
- Resolves: rhbz#2015614 CVE-2021-41991 strongswan: integer overflow when replacing certificates in cache
- Add BuildRequire for tpm2-tss-devel and weak dependency for tpm2-tools
* Tue Sep 14 2021 Sahana Prasad - 5.9.3-4
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2015165 - strongswan-5.9.4 is available
  https://bugzilla.redhat.com/show_bug.cgi?id=2015165
[ 2 ] Bug #2015611 - CVE-2021-41990 strongswan: gmp plugin: integer overflow via a crafted certificate with an RSASSA-PSS signature [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2015611
[ 3 ] Bug #2015614 - CVE-2021-41991 strongswan: integer overflow when replacing certificates in cache [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2015614
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-95fab6a482' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys