Release and vulnerability announcements for strongSwan

strongSwan 5.6.0 Released

We are happy to announce the release of strongSwan 5.6.0 which adds support for SWIMA for PA-TNC, brings a plugin that implements 3GPP MILENAGE in software, refines CHILD_SA rekeying and fixes a DoS vulnerability and several other issues.

Denial-of-Service Vulnerability in the gmp Plugin (CVE-2017-11185)

A denial-of-service vulnerability in the gmp plugin was fixed that was caused by insufficient input validation when verifying RSA signatures. More specifically, if the signature equals the public key's modulus, the resulting value of zero causes mpz_export() to return NULL, which was not handled properly, resulting in a null-pointer dereference. All versions are affected.

More information is provided in a separate blog entry.
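
As an added illustration (not strongSwan's code and not its actual patch), the kind of input validation the advisory refers to can be sketched as a range check performed before the RSA verification primitive runs: any signature value s that is not strictly between 0 and the modulus n is rejected. The function name and the toy byte values are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Skip leading zero bytes of a big-endian unsigned integer. */
static void strip_zeros(const uint8_t **p, size_t *len)
{
    while (*len > 0 && **p == 0) {
        (*p)++;
        (*len)--;
    }
}

/* Hypothetical helper: return 1 only if 0 < s < n (both big-endian).
 * s == n, s == 0 and any other multiple of n would all make
 * s^e mod n equal to zero, the value that triggered the crash. */
int sig_in_range(const uint8_t *s, size_t slen, const uint8_t *n, size_t nlen)
{
    strip_zeros(&s, &slen);
    strip_zeros(&n, &nlen);
    if (slen == 0 || nlen == 0)
        return 0;                   /* zero signature or zero modulus */
    if (slen != nlen)
        return slen < nlen;         /* the shorter value is the smaller one */
    for (size_t i = 0; i < slen; i++) {
        if (s[i] != n[i])
            return s[i] < n[i];     /* first differing byte decides */
    }
    return 0;                       /* s == n: the case from the advisory */
}

/* Constructed toy values; a real modulus is 2048 bits or more. */
static const uint8_t N[]      = { 0xC7, 0x3B };
static const uint8_t S_EQ_N[] = { 0x00, 0xC7, 0x3B };  /* n, zero-padded */
static const uint8_t S_2N[]   = { 0x01, 0x8E, 0x76 };  /* 2 * n */
static const uint8_t S_ZERO[] = { 0x00, 0x00 };
static const uint8_t S_OK[]   = { 0xC7, 0x3A };        /* n - 1 */

int main(void)
{
    printf("s == n : %d\n", sig_in_range(S_EQ_N, sizeof S_EQ_N, N, sizeof N));
    printf("s == 2n: %d\n", sig_in_range(S_2N, sizeof S_2N, N, sizeof N));
    printf("s == 0 : %d\n", sig_in_range(S_ZERO, sizeof S_ZERO, N, sizeof N));
    printf("s = n-1: %d\n", sig_in_range(S_OK, sizeof S_OK, N, sizeof N));
    return 0;
}
```

A range check like this does not replace checking the return value of the export call itself; both guard the same path.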


The new SWIMA (Software Inventory Message and Attributes) IMC/IMV pair implements the draft-ietf-sacm-nea-swima-patnc Internet Draft and has been demonstrated at the IETF 99 Prague Hackathon. The IMV database template has been adapted to achieve full compliance with the ISO 19770-2:2015 SWID tag standard.

The sw-collector tool extracts software events from apt history logs and stores them in an SQLite database to be used by the SWIMA IMC. The tool can also generate SWID tags both for installed and removed package versions.

3GPP MILENAGE in Software

The new eap-aka-3gpp plugin implements the 3GPP MILENAGE algorithms in software. K (optionally concatenated with OPc) may be configured as binary EAP secret in ipsec.secrets or swanctl.conf. Thanks to Thomas Strangert for the initial patch.

Refined IKEv2 CHILD_SA Rekeying Behavior

CHILD_SA rekeying is fixed in charon-tkm, which had been broken since the rekeying changes introduced with 5.5.3. The behavior has also been refined a bit: On Linux the outbound policy now has the SPI of the corresponding SA set, and the responder of a rekeying will install both IPsec SAs (in/out) immediately but delay the update of the outbound policy until it has received the delete for the replaced CHILD_SA. Also, the previous code temporarily installed an outbound IPsec SA/policy that was deleted immediately afterwards when a rekey collision was lost, which caused a slight chance for traffic loss.

Other Notable Features and Fixes
