From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: strongSwan 5.9.9 released, fixing CVE-2023-26463
Date: Sun, 05 Mar 2023 14:44:55 +0000
Message-ID: <16ee9a74-851b-1b24-b550-314b46873396@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1436347085009706678=="
List-Id: <development.lists.ipfire.org>

--===============1436347085009706678==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello development folks,

just for everyone's information:

https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023=
-26463).html
https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html

To the best of my understanding, IPFire is affected by CVE-2023-26463
(since the respective strongSwan plugins are loaded), but not vulnerable,
since such authentication cannot be configured via the web interface.
However, any installations running customized IPsec connections might be
affected by this.

Any volounteers for updating strongSwan? Thank you in advance. :-)

All the best,
Peter M=C3=BCller

--===============1436347085009706678==--