From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.haj.ipfire.org (localhost [IPv6:::1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4d2YSZ4zrrz336k for ; Thu, 06 Nov 2025 20:19:26 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519) (Client CN "mail01.haj.ipfire.org", Issuer "R12" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4d2YSW2SC3z2xSM for ; Thu, 06 Nov 2025 20:19:23 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4d2YSV0CnFz2jJ; Thu, 06 Nov 2025 20:19:21 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1762460362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=R4SaXfd3LM7cVFPbAgUNxt6KTTyAq0J1DC0GdcOjuWw=; b=1mYBnLWCkJUsiq8OyguC8ccUesF9EmLda4EoUOzmbRkG/L45xHI9N1KGtM0qfn46vC1Nk4 NBCelIoSkTaTAyCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1762460362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=R4SaXfd3LM7cVFPbAgUNxt6KTTyAq0J1DC0GdcOjuWw=; b=ZzE8WAYsiHiyZG3HcSOIs53h/sD+2WJJM5nGqQ1adsGBmrI0vKhyHhk73+Oenq+l4+mD8Y 2oPCbecEyJzlsPuzDHYp8LBSrW03LYglcto4zzGczpT/+3h9d3ik3m9DbXHslJZYPeqtRI kfqDx/YgT1i4bZuzC7NNIXKBInUAbJ1qR9RLMQLW043OWgL/vs2CMjyKgiQyx5hkWzrCIH bRBiOEbPau9sCpypUddEnMvaD8RbYxZ3LzfK9I/YT+ApE5CrjusZjRdExzRXVPv52KF6/G dtge79pm3ePTltE04DgcBGdS9Q5GuvI9fPi/VQItRwp6uXKb4r0vTBY+JKmPqg== Content-Type: text/plain; charset=us-ascii Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: Mime-Version: 1.0 Subject: Re: Strongswan 6.0.3 update with CVE fix From: Michael Tremer In-Reply-To: <00a79390-d15d-48ee-9b47-f15b48c7b358@ipfire.org> Date: Thu, 6 Nov 2025 20:19:21 +0000 Cc: "IPFire: Development-List" Content-Transfer-Encoding: quoted-printable Message-Id: <0978596A-770B-433D-A955-7234A537A380@ipfire.org> References: <00a79390-d15d-48ee-9b47-f15b48c7b358@ipfire.org> To: Adolf Belka Hello Adolf, Yes, this is good thing to do. The vulnerability reads as this: Fixed a vulnerability in the eap-mschapv2 plugin related to processing = Failure Request packets on the client that can lead to a heap-based = buffer overflow and potentially remote code execution. This = vulnerability has been registered as CVE-2025-62291. Please refer to our = blog for details. So it would not affect us as we are not using this plugin, but we should = update regardless. Best, -Michael > On 6 Nov 2025, at 19:46, Adolf Belka wrote: >=20 > Hi all, >=20 > I have found that there is a new strongswan update that has a CVE fix = in it. >=20 > I will also do an update for that after the suricata update has been = submitted. >=20 > Regards, >=20 > Adolf. >=20 >=20