Bug 20849 - RDN parser vulnerability
Summary: RDN parser vulnerability
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: strongswan (show other bugs)
Version: unstable
Hardware: all Linux
: P3 critical
Assignee: Michael Shigorin
QA Contact: qa-sisyphus
URL: http://download.strongswan.org/CHANGE...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-07-22 17:12 MSD by Vladimir Lettiev
Modified: 2009-07-23 02:41 MSD (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2009-07-22 17:12:07 MSD 
strongswan-4.2.17
-----------------

- The RDN parser vulnerability discovered by Orange Labs research team
  was not completely fixed in version 4.2.16. Some more modifications
  had to be applied to the asn1_length() function.
Comment 1 Repository Robot 2009-07-23 02:41:02 MSD 
strongswan-4.3.3-alt1 -> sisyphus:

* Thu Jul 23 2009 Michael Shigorin <mike@altlinux> 4.3.3-alt1

- 4.3.3 (closes: #20849)
  + the RDN parser vulnerability discovered by Orange Labs research team
    was not completely fixed in version 4.3.2. Some more modifications
    had to be applied to the asn1_length() function to make it robust.
  + thanks crux@ for prompt notification