SB2015033114 - Fedora EPEL 7 update for strongswan

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015033114

SB2015033114 - Fedora EPEL 7 update for strongswan

Published: March 31, 2015 Updated: April 24, 2025

Security Bulletin ID SB2015033114
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Data Handling (CVE-ID: CVE-2014-9221)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.


2) Data Handling (CVE-ID: CVE-2015-3991)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.


Remediation

Install update from vendor's website.

References