[OpenWrt-Devel] (CVE-2014-2338) authentication bypass vulnerability in strongSwan needs patching

John Crispin john at phrozen.org
Mon Jul 7 02:41:47 EDT 2014


i stopped bb-builder2 and pointed it at AA instead of BB. i will
update strongswan, openssl and gnutls during the day.

sorry for the delay, the old AA builders HDD died half way through the
build 2 weeks ago and i was busy with BB and simply forgot.

sorry for the delay



On 06/07/2014 17:41, Noel Kuntze wrote:
> 
> Hello Mirko,
> 
> So fixes or new versions with fixes will only be backported, if
> there is a complete rebuilt scheduled for the release?
> 
> Regards, Noel Kuntze
> 
> GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592
> 3839 298F 63EC 6658 Am 06.07.2014 14:39, schrieb Mirko Parthey:
>> Am Sonntag, 06.07.14, 00:00 +0200 schrieb Noel Kuntze:
>>> I am once again inquiring about this vulnerabity. The
>>> strongSwan version in the repository for the 12.09 version of
>>> OpenWRT is still not patched and Mr. Fietkau does not respond
>>> to any emails. I wrote him one on 2014-06-08 and one on
>>> 2014-07-02.
>>> 
>>> Please update the packages. Lots of people are running
>>> vulnerable StrongSwan versions on publicly reachable OpenWRT
>>> routers.
> 
>> Felix Fietkau updated the strongSwan package in the 12.09 SVN
>> branch (r40518, 2014-04-15) shortly after updating it in trunk. 
>> However, it appears that the release branch is not rebuilt
>> automatically, so the binary packages are outdated. For OpenSSL,
>> packages have been rebuilt manually, but that seems to be the
>> exception.
> 
>> There has been mention on this mailing list of a Barrier Breaker
>> release being worked on, but I have no information if there will
>> be another release of Attitude Adjustment, which would then also
>> come with updated packages from the 12.09 branch.
> 
>> Regards, Mirko
> 
> _______________________________________________ openwrt-devel
> mailing list openwrt-devel at lists.openwrt.org 
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
> 
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list