Opened 6 years ago

Closed 6 years ago

Last modified 4 years ago

#11576 closed defect (fixed)

strongswan4: Critical vulnerability in gmp plugin (CVE-2012-2388)

Reported by: spam@… Owned by: developers
Priority: highest Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: security strongswan CVE-2012-2388 vulnerability gmp RSA Cc:


This is to notify you of a vulnerability in strongswan's gmp plugin regarding the verification of RSA signatures. An attacker may create an empty or zeroed RSA signature which can pass for a valid one, both IKEv1 and IKEv2 are affected.

The relevant CVE is CVE-2012-2388

The vulnerability has been fixed in the recent 4.6.4 release of strongswan. A patch for previous versions is available upstream.

Details are here:

Attachments (0)

Change History (2)

comment:1 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Should be fixed with r32034

comment:2 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

as closed .
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.