#20849 – RDN parser vulnerability

Bug 20849 - RDN parser vulnerability

Summary: RDN parser vulnerability

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	strongswan (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 critical
Assignee:	Michael Shigorin
QA Contact:	qa-sisyphus

URL:	http://download.strongswan.org/CHANGE...
Keywords:	security

Depends on:
Blocks:

Reported:	2009-07-22 17:12 MSD by Vladimir Lettiev
Modified:	2009-07-23 02:41 MSD (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2009-07-22 17:12:07 MSD

strongswan-4.2.17
-----------------

- The RDN parser vulnerability discovered by Orange Labs research team
  was not completely fixed in version 4.2.16. Some more modifications
  had to be applied to the asn1_length() function.

Comment 1 Repository Robot 2009-07-23 02:41:02 MSD

strongswan-4.3.3-alt1 -> sisyphus:

* Thu Jul 23 2009 Michael Shigorin <mike@altlinux> 4.3.3-alt1

- 4.3.3 (closes: #20849)
  + the RDN parser vulnerability discovered by Orange Labs research team
    was not completely fixed in version 4.3.2. Some more modifications
    had to be applied to the asn1_length() function to make it robust.
  + thanks crux@ for prompt notification