[OpenWrt-Devel] (CVE-2014-2338) authentication bypass vulnerability in strongSwan needs patching

Mirko Parthey mirko.parthey at web.de
Sun Jul 6 08:39:16 EDT 2014

Am Sonntag, 06.07.14, 00:00 +0200 schrieb Noel Kuntze:
> I am once again inquiring about this vulnerabity.
> The strongSwan version in the repository for the 12.09 version of OpenWRT is still not patched
> and Mr. Fietkau does not respond to any emails. I wrote him one on 2014-06-08 and one on 2014-07-02.
> Please update the packages.
> Lots of people are running vulnerable StrongSwan versions on publicly reachable OpenWRT routers.

Felix Fietkau updated the strongSwan package in the 12.09 SVN branch
(r40518, 2014-04-15) shortly after updating it in trunk.
However, it appears that the release branch is not rebuilt automatically,
so the binary packages are outdated.
For OpenSSL, packages have been rebuilt manually, but that seems to be
the exception.

There has been mention on this mailing list of a Barrier Breaker release
being worked on, but I have no information if there will be another
release of Attitude Adjustment, which would then also come with updated
packages from the 12.09 branch.

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list