Bug 20849

Summary: RDN parser vulnerability
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: strongswanAssignee: Michael Shigorin <mike>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: critical    
Priority: P3 CC: mike, week
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://download.strongswan.org/CHANGES42.txt

Description Vladimir Lettiev 2009-07-22 17:12:07 MSD 
strongswan-4.2.17
-----------------

- The RDN parser vulnerability discovered by Orange Labs research team
  was not completely fixed in version 4.2.16. Some more modifications
  had to be applied to the asn1_length() function.
Comment 1 Repository Robot 2009-07-23 02:41:02 MSD 
strongswan-4.3.3-alt1 -> sisyphus:

* Thu Jul 23 2009 Michael Shigorin <mike@altlinux> 4.3.3-alt1

- 4.3.3 (closes: #20849)
  + the RDN parser vulnerability discovered by Orange Labs research team
    was not completely fixed in version 4.3.2. Some more modifications
    had to be applied to the asn1_length() function to make it robust.
  + thanks crux@ for prompt notification