Security update for strongswan
SUSE Security Update: Security update for strongswan
The following security issue is fixed by this update:
* bnc#870572: strongswan has been updated to fix an
authentication problem where attackers could have bypassed
the IKEv2 authentication. (CVE-2014-2338)
Security Issue reference:
* CVE-2014-2338
>
Announcement ID: | SUSE-SU-2014:0529-1 |
Rating: | important |
References: | #870572 |
Affected Products: |
An update that fixes one vulnerability is now available. It includes one version update.
Description:
The following security issue is fixed by this update:
* bnc#870572: strongswan has been updated to fix an
authentication problem where attackers could have bypassed
the IKEv2 authentication. (CVE-2014-2338)
Security Issue reference:
* CVE-2014-2338
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-strongswan-9089
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-strongswan-9089
- SUSE Linux Enterprise Server 11 SP2 LTSS:
zypper in -t patch slessp2-strongswan-9091
- SUSE Linux Enterprise Server 11 SP1 LTSS:
zypper in -t patch slessp1-strongswan-9090
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-strongswan-9089
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
- strongswan-4.4.0-6.23.1
- strongswan-doc-4.4.0-6.23.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- strongswan-4.4.0-6.23.1
- strongswan-doc-4.4.0-6.23.1
- SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
- strongswan-4.4.0-6.23.1
- strongswan-doc-4.4.0-6.23.1
- SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 4.4.0]:
- strongswan-4.4.0-6.23.1
- strongswan-doc-4.4.0-6.23.1
- SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
- strongswan-4.4.0-6.17.1
- strongswan-doc-4.4.0-6.17.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
- strongswan-4.1.10-0.20.1
- strongswan-doc-4.1.10-0.20.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
- strongswan-4.4.0-6.23.1
- strongswan-doc-4.4.0-6.23.1
References:
- http://support.novell.com/security/cve/CVE-2014-2338.html
- https://bugzilla.novell.com/870572
- http://download.suse.com/patch/finder/?keywords=2fa17d32e96a0a6e75cf09c3ee27248a
- http://download.suse.com/patch/finder/?keywords=6934f5428f28e943d4b95fb80186e500
- http://download.suse.com/patch/finder/?keywords=a056596e6640418d5e1521a74c8dddb7
- http://download.suse.com/patch/finder/?keywords=bf28f278dcbe157650c32cbc4472be03
- http://download.suse.com/patch/finder/?keywords=fcda2d9564b781d675247b9a0b0cc648