USN-6772-1

Source
https://ubuntu.com/security/notices/USN-6772-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6772-1.json
Related
  • CVE-2022-4967
Published
2024-05-14T11:20:27.670702Z
Modified
2024-05-14T11:20:27.670702Z
Summary
strongswan vulnerability
Details

Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls.

References

Affected packages

Ubuntu:22.04:LTS / strongswan

Package

Name
strongswan

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
5.9.5-2ubuntu2.3

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "charon-systemd": "5.9.5-2ubuntu2.3",
            "strongswan-nm": "5.9.5-2ubuntu2.3",
            "strongswan-libcharon": "5.9.5-2ubuntu2.3",
            "strongswan-scepclient": "5.9.5-2ubuntu2.3",
            "libstrongswan": "5.9.5-2ubuntu2.3",
            "libcharon-extra-plugins": "5.9.5-2ubuntu2.3",
            "charon-cmd": "5.9.5-2ubuntu2.3",
            "strongswan-charon": "5.9.5-2ubuntu2.3",
            "strongswan": "5.9.5-2ubuntu2.3",
            "libstrongswan-standard-plugins": "5.9.5-2ubuntu2.3",
            "libcharon-extauth-plugins": "5.9.5-2ubuntu2.3",
            "strongswan-starter": "5.9.5-2ubuntu2.3",
            "strongswan-pki": "5.9.5-2ubuntu2.3",
            "libstrongswan-extra-plugins": "5.9.5-2ubuntu2.3",
            "strongswan-swanctl": "5.9.5-2ubuntu2.3"
        }
    ]
}