rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Tue, 30 May 2017 13:03:24 +0000 (15:03 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Thu, 1 Jun 2017 14:40:50 +0000 (16:40 +0200)
commit	8bba6f823ea063d3c0247c35251b54f7687c6f69
tree	5f7bd61928bf44d9fb173355039b93f7b1e72769	tree \| snapshot
parent	9bc38c800d776060be2140dfc811146c8d56de8a	commit \| diff

strongswan: add upstream security patches

Fixes:

CVE-2017-9022 - RSA public keys passed to the gmp plugin aren't
validated sufficiently before attempting signature verification, so that
invalid input might lead to a floating point exception and crash of the
process. A certificate with an appropriately prepared public key sent by a
peer could be used for a denial-of-service attack.

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9022%29.html

CVE-2017-9023 - ASN.1 CHOICE types are not correctly handled by the ASN.1
parser when parsing X.509 certificates with extensions that use such types.
This could lead to infinite looping of the thread parsing a specifically
crafted certificate.

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-%28cve-2017-9023%29.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit e43efb9b654ae19e9e47ae5828d9e99b044f37c9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/strongswan/strongswan.hash		diff \| blob \| history
package/strongswan/strongswan.mk		diff \| blob \| history