diff --git a/strongswan-5.6.2-CVE-2018-5388.patch b/strongswan-5.6.2-CVE-2018-5388.patch new file mode 100644 index 0000000..e932fe2 --- /dev/null +++ b/strongswan-5.6.2-CVE-2018-5388.patch @@ -0,0 +1,15 @@ +diff -Naur strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c +--- strongswan-5.6.2-orig/src/libcharon/plugins/stroke/stroke_socket.c 2017-11-09 10:57:30.000000000 -0500 ++++ strongswan-5.6.2/src/libcharon/plugins/stroke/stroke_socket.c 2018-05-24 00:00:32.382953618 -0400 +@@ -628,6 +628,11 @@ + return FALSE; + } + ++ if (len < offsetof(stroke_msg_t, buffer)) ++ { ++ DBG1(DBG_CFG, "invalid stroke message length %d", len); ++ return FALSE; ++ } + /* read message (we need an additional byte to terminate the buffer) */ + msg = malloc(len + 1); + msg->length = len; diff --git a/strongswan.spec b/strongswan.spec index b05cedb..2e60a1d 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -3,13 +3,14 @@ Name: strongswan Version: 5.6.2 -Release: 5%{?dist} +Release: 6%{?dist} Summary: An OpenSource IPsec-based VPN and TNC solution License: GPLv2+ URL: http://www.strongswan.org/ Source0: http://download.strongswan.org/%{name}-%{version}%{?prerelease}.tar.bz2 Patch1: strongswan-5.6.0-uintptr_t.patch Patch2: strongswan-5.6.2-1574939-VPN-DNS.patch +Patch3: strongswan-5.6.2-CVE-2018-5388.patch # only needed for pre-release versions #BuildRequires: autoconf automake @@ -78,6 +79,7 @@ PT-TLS to support TNC over TLS. %setup -q -n %{name}-%{version}%{?prerelease} %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build # only for snapshots @@ -257,6 +259,9 @@ done %{_libexecdir}/strongswan/charon-nm %changelog +* Thu May 24 2018 Paul Wouters - 5.6.2-6 +- Resolves rhbz#1581868 CVE-2018-5388 strongswan: buffer underflow in stroke_socket.c + * Thu May 24 2018 Paul Wouters - 5.6.2-5 - Resolves rhbz#1574939 IKEv2 VPN connections fail to use DNS servers provided by the server - Resolves rhbz#1449875 Strongswan on epel built without the sql plugin but with the sqlite plugin