[OpenWrt-Devel] (CVE-2014-2338) authentication bypass vulnerability in strongSwan needs patching
Noel Kuntze
noel at familie-kuntze.de
Sat Jul 5 18:00:13 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello,
I am once again inquiring about this vulnerabity.
The strongSwan version in the repository for the 12.09 version of OpenWRT is still not patched
and Mr. Fietkau does not respond to any emails. I wrote him one on 2014-06-08 and one on 2014-07-02.
Please update the packages.
Lots of people are running vulnerable StrongSwan versions on publicly reachable OpenWRT routers.
Regards,
Noel Kuntze
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
Am 15.04.2014 19:27, schrieb Felix Fietkau:
> On 2014-04-15 00:33, Noel Kuntze wrote:
>> Hello list,
>>
>> An authentication bypass vulnerability has been revealed by the strongSwan team. All versions of strongSwan since 4.0.7 are affected.
>> All affected packages need to be patched.
>> The patches for the different version can be gotten from http://download.strongswan.org/security/CVE-2014-2338/
> Strongswan has been updated to 5.1.3 in r40516.
> I will also backport this version to the 12.09 branch.
>
> - Felix
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJTuHVtAAoJEDg5KY9j7GZYKm8P/j0bBPIf8OfphIBY+riHidsY
uShpCWSUG1ee4OB/Moi43F1+1MCmQ1oNtF0UWqzknkJIt3T8sjGYDenVtBgsYGT6
G634z7AHhp2IHYT9cBBZQ95ay0MvGjCPiHu2M98ufYNCo8SC5x2EtcKilNGgVH8G
FQftMAk+Bqs43Y8KEjD3UFg1xo7Ccq8sggcoOBHYG8v/nQCG0L6Nkcz7EdmBUtLL
o8nQ+kHgvCVqXHC3IuIJ2qnWVmdofbt4MgV83g8CBwXLYmgZe9ORbqa7+L4Zd2eG
b/8c7MMiHCi+t1kEB/9m82Aji9JIUNKp5XwUfnqUNNkm39loD5jRwYtlF2VvGFsI
n5kjRC/11nkVgQWN+nRMrK1CfunY2FD+9WA7UUtVbOSvfWXCrdUb+YMuTtAqyygI
OKueJx9RkwSmo+tUSqiDQpaQmItYcTZw/sCluRQI9XS/qzAGFLZhHD8pMl5Slwd5
PB27TRaz6BSZHalKoRV0VnWF5Alz5jbVO41saIcUwu7OAT98np7Q3VGag+0xXWHd
xwK1Mkc+YEBtqbXVvVstq0jtuzau5pkVceGrht3hzGrwR2O+QAzJQEZQuGOsIZv2
r2ZNxSkdAAQqstbqkt1XyMSi+Hkwnoc+VmhXHoLCShg9M6+XtjX7VDaBevTkZbpm
NgTeuS4aGQShT+3+jDXV
=IpJs
-----END PGP SIGNATURE-----
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list