strongSwan 5.9.9 released, fixing CVE-2023-26463

strongSwan 5.9.9 released, fixing CVE-2023-26463

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 644 bytes --]

Hello development folks,

just for everyone's information:

https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html
https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html

To the best of my understanding, IPFire is affected by CVE-2023-26463
(since the respective strongSwan plugins are loaded), but not vulnerable,
since such authentication cannot be configured via the web interface.
However, any installations running customized IPsec connections might be
affected by this.

Any volounteers for updating strongSwan? Thank you in advance. :-)

All the best,
Peter Müller

Re: strongSwan 5.9.9 released, fixing CVE-2023-26463

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

Hi Peter,

On 05/03/2023 15:44, Peter Müller wrote:
> Hello development folks,
>
> just for everyone's information:
>
> https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html
> https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html
>
> To the best of my understanding, IPFire is affected by CVE-2023-26463
> (since the respective strongSwan plugins are loaded), but not vulnerable,
> since such authentication cannot be configured via the web interface.
> However, any installations running customized IPsec connections might be
> affected by this.
>
> Any volounteers for updating strongSwan? Thank you in advance. :-)

I will pick this up if someone else hasn't already started working on it.

Regards,

Adolf.

> All the best,
> Peter Müller