Security update for strongswan SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1082-1 Final 1 1 2015-06-08T17:50:00Z current 2015-06-08T17:50:00Z 2015-06-08T17:50:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for strongswan strongswan was updated to fix a rogue servers vulnerability, that may enable rogue servers able to authenticate itself with certificate issued by any CA the client trusts, to gain user credentials from a client in certain IKEv2 setups (bsc#933591,CVE-2015-4171). More information can be found on https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%28cve-2015-4171%29.html The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html E-Mail link for openSUSE-SU-2015:1082-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings strongswan-5.1.1-11.1 strongswan-doc-5.1.1-11.1 strongswan-ipsec-5.1.1-11.1 strongswan-libs0-5.1.1-11.1 strongswan-mysql-5.1.1-11.1 strongswan-nm-5.1.1-11.1 strongswan-sqlite-5.1.1-11.1 strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. CVE-2015-4171 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html https://www.suse.com/security/cve/CVE-2015-4171.html CVE-2015-4171 https://bugzilla.suse.com/931845 SUSE Bug 931845 https://bugzilla.suse.com/933591 SUSE Bug 933591