strongSwan: Multiple Vulnerabilities Two vulnerabilities have been found in strongSwan, possibly resulting in Denial of Service or a bypass in authentication restrictions. strongswan 2014-12-13 2014-12-13 507722 509832 remote 5.1.3 5.1.3

strongSwan is an IPSec implementation for Linux.

A NULL pointer dereference and an error in the IKEv2 implementation have been found in strongSwan.

A remote attacker could create a Denial of Service condition or bypass security restrictions.

There is no known workaround at this time.

All strongSwan users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/strongswan-5.1.3" CVE-2014-2338 CVE-2014-2891 keytoaster ackle