CVE-2015-4171

Published: 8 June 2015

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

Priority

High

Status

Package     Release   Status
strongswan  precise   Does not exist (precise was needed)
strongswan  trusty    Released (5.1.2-0ubuntu2.3)
strongswan  upstream  Needs triage
strongswan  utopic    Released (5.1.2-0ubuntu3.3)
strongswan  vivid     Released (5.1.2-0ubuntu5.2)
strongswan  wily      Released (5.1.2-0ubuntu6)
strongswan  xenial    Released (5.1.2-0ubuntu6)
strongswan  yakkety   Released (5.1.2-0ubuntu6)
strongswan  zesty     Released (5.1.2-0ubuntu6)