b79d735139
Fixed a vulnerability related to online certificate revocation checking that was caused because the revocation plugin used potentially untrusted OCSP URIs and CRL distribution points in certificates. This allowed a remote attacker to initiate IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control, which could have led to a denial-of-service attack. This vulnerability has been registered as CVE-2022-40617.

Drop patch (already in version)

https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
https://github.com/strongswan/strongswan/releases/tag/5.9.6
https://github.com/strongswan/strongswan/releases/tag/5.9.7
https://github.com/strongswan/strongswan/releases/tag/5.9.8

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

- Config.in
- strongswan.hash
- strongswan.mk