Debian Linux Security Advisory 5056-1 - Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack.
3f01304d6e75047f0ba8731c0afaaf92022fb1926f6d750bfd56f791a114d336
Ubuntu Security Notice 5250-2 - USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication.
1d22e7fac1daa8e5ea3208097eff6521c29300f346c371e518e83be99e27adfb
Ubuntu Security Notice 5250-1 - Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication.
71f8b5b0f86bc72d7ae02ec7dbfb0ae317f210f58114b49aedd4361de253aebc