OESA-2021-1408

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1408

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1408.json

JSON Data

https://api.osv.dev/v1/vulns/OESA-2021-1408

Upstream

CVE-2021-41990

CVE-2021-41991

Published

2021-10-30T11:03:18Z

Modified

2025-09-03T06:17:40.439307Z

Summary

strongswan security update

Details

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel.

Security Fix(es):

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.(CVE-2021-41990)

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.(CVE-2021-41991)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / strongswan

Package

Name: strongswan
Purl: pkg:rpm/openEuler/strongswan&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7.2-7.oe1

Ecosystem specific

{
    "x86_64": [
        "strongswan-debuginfo-5.7.2-7.oe1.x86_64.rpm",
        "strongswan-5.7.2-7.oe1.x86_64.rpm",
        "strongswan-debugsource-5.7.2-7.oe1.x86_64.rpm"
    ],
    "src": [
        "strongswan-5.7.2-7.oe1.src.rpm"
    ],
    "noarch": [
        "strongswan-help-5.7.2-7.oe1.noarch.rpm"
    ],
    "aarch64": [
        "strongswan-5.7.2-7.oe1.aarch64.rpm",
        "strongswan-debuginfo-5.7.2-7.oe1.aarch64.rpm",
        "strongswan-debugsource-5.7.2-7.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / strongswan

Package

Name: strongswan
Purl: pkg:rpm/openEuler/strongswan&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7.2-7.oe1

Ecosystem specific

{
    "x86_64": [
        "strongswan-debuginfo-5.7.2-7.oe1.x86_64.rpm",
        "strongswan-5.7.2-7.oe1.x86_64.rpm",
        "strongswan-debugsource-5.7.2-7.oe1.x86_64.rpm"
    ],
    "src": [
        "strongswan-5.7.2-7.oe1.src.rpm"
    ],
    "noarch": [
        "strongswan-help-5.7.2-7.oe1.noarch.rpm"
    ],
    "aarch64": [
        "strongswan-5.7.2-7.oe1.aarch64.rpm",
        "strongswan-debuginfo-5.7.2-7.oe1.aarch64.rpm",
        "strongswan-debugsource-5.7.2-7.oe1.aarch64.rpm"
    ]
}