svn commit: r352944 - head/security/vuxml

Ryan Steinmetz zi at FreeBSD.org
Sun May 4 12:43:28 UTC 2014


Author: zi
Date: Sun May  4 12:43:27 2014
New Revision: 352944
URL: http://svnweb.freebsd.org/changeset/ports/352944
QAT: https://qat.redports.org/buildarchive/r352944/

Log:
  - Document strongSwan vulnerability (CVE-2014-2338)
  - Add additional reminder to document port variants

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun May  4 12:20:32 2014	(r352943)
+++ head/security/vuxml/vuln.xml	Sun May  4 12:43:27 2014	(r352944)
@@ -51,10 +51,42 @@ a new entry is available in The Porter's
 
 Help is also available from ports-security at freebsd.org.
 
-Note:  Please add new entries to the beginning of this file.
+Notes:
+  * Please add new entries to the beginning of this file.
+  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="6fb521b0-d388-11e3-a790-000c2980a9f3">
+    <topic>strongswan -- Remote Authentication Bypass</topic>
+    <affects>
+      <package>
+	<name>strongswan</name>
+	<range><lt>5.1.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>strongSwan developers report:</p>
+	<blockquote cite="www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html">
+	  <p>Remote attackers are able to bypass authentication by rekeying an
+	    IKE_SA during (1) initiation or (2) re-authentication, which
+	    triggers the IKE_SA state to be set to established.</p>
+	  <p>Only installations that actively initiate or re-authenticate IKEv2
+	    IKE_SAs are affected.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-2338</cvename>
+      <url>http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html</url>
+    </references>
+    <dates>
+      <discovery>2014-03-12</discovery>
+      <entry>2014-05-04</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="670d732a-cdd4-11e3-aac2-0022fb6fcf92">
     <topic>mohawk -- multiple vulnerabilities</topic>
     <affects>

