Ubuntu Security Notice 6772-1 - Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls.
590fa84cad23748ca02289e6f9530d990b8eb44ed69567c869b7a9030e59d269==========================================================================
Ubuntu Security Notice USN-6772-1
May 14, 2024
strongswan vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Fraudulent security certificates could allow access controls to be
bypassed.
Software Description:
- strongswan: IPsec VPN solution
Details:
Jan Schermer discovered that strongSwan incorrectly validated client
certificates in certain configurations. A remote attacker could possibly
use this issue to bypass access controls.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libstrongswan 5.9.5-2ubuntu2.3
strongswan 5.9.5-2ubuntu2.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6772-1
CVE-2022-4967
Package Information:
https://launchpad.net/ubuntu/+source/strongswan/5.9.5-2ubuntu2.3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed