Hello development folks,
just for everyone's information:
https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-202... https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html
To the best of my understanding, IPFire is affected by CVE-2023-26463 (since the respective strongSwan plugins are loaded), but not vulnerable, since such authentication cannot be configured via the web interface. However, any installations running customized IPsec connections might be affected by this.
Any volounteers for updating strongSwan? Thank you in advance. :-)
All the best, Peter Müller
Hi Peter,
On 05/03/2023 15:44, Peter Müller wrote:
Hello development folks,
just for everyone's information:
https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-202... https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html
To the best of my understanding, IPFire is affected by CVE-2023-26463 (since the respective strongSwan plugins are loaded), but not vulnerable, since such authentication cannot be configured via the web interface. However, any installations running customized IPsec connections might be affected by this.
Any volounteers for updating strongSwan? Thank you in advance. :-)
I will pick this up if someone else hasn't already started working on it.
Regards,
Adolf.
All the best, Peter Müller