Security update for strongswan SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2103-1 Final 1 1 2015-11-25T17:48:25Z current 2015-11-25T17:48:25Z 2015-11-25T17:48:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for strongswan The strongswan package was updated to fix the following security issue: - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00139.html E-Mail link for openSUSE-SU-2015:2103-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 strongswan-5.2.2-7.1 strongswan-doc-5.2.2-7.1 strongswan-hmac-5.2.2-7.1 strongswan-ipsec-5.2.2-7.1 strongswan-libs0-5.2.2-7.1 strongswan-mysql-5.2.2-7.1 strongswan-nm-5.2.2-7.1 strongswan-sqlite-5.2.2-7.1 strongswan-5.2.2-7.1 as a component of openSUSE Leap 42.1 strongswan-doc-5.2.2-7.1 as a component of openSUSE Leap 42.1 strongswan-hmac-5.2.2-7.1 as a component of openSUSE Leap 42.1 strongswan-ipsec-5.2.2-7.1 as a component of openSUSE Leap 42.1 strongswan-libs0-5.2.2-7.1 as a component of openSUSE Leap 42.1 strongswan-mysql-5.2.2-7.1 as a component of openSUSE Leap 42.1 strongswan-nm-5.2.2-7.1 as a component of openSUSE Leap 42.1 strongswan-sqlite-5.2.2-7.1 as a component of openSUSE Leap 42.1 The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. CVE-2015-8023 openSUSE Leap 42.1:strongswan-5.2.2-7.1 openSUSE Leap 42.1:strongswan-doc-5.2.2-7.1 openSUSE Leap 42.1:strongswan-hmac-5.2.2-7.1 openSUSE Leap 42.1:strongswan-ipsec-5.2.2-7.1 openSUSE Leap 42.1:strongswan-libs0-5.2.2-7.1 openSUSE Leap 42.1:strongswan-mysql-5.2.2-7.1 openSUSE Leap 42.1:strongswan-nm-5.2.2-7.1 openSUSE Leap 42.1:strongswan-sqlite-5.2.2-7.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00139.html https://www.suse.com/security/cve/CVE-2015-8023.html CVE-2015-8023 https://bugzilla.suse.com/953817 SUSE Bug 953817