strongSwan - Design by Margo Galas <galas (at) solnet (dot) ch>

Main Sponsors



strongSwan 5.9.4 Released

We are happy to announce the release of strongSwan 5.9.4, which fixes two denial-of-service vulnerabilities and comes with several other new features and fixes.

Denial-of-Service Vulnerability in the gmp Plugin (CVE-2021-41990)

A denial-of-service vulnerability in the gmp plugin was fixed that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. All strongSwan versions since 5.6.1 may be affected.

More information is provided in a separate blog entry.

Denial-of-Service Vulnerability in the In-Memory Certificate Cache (CVE-2021-41991)

A denial-of-service vulnerability in the in-memory certificate cache was fixed. If cached certificates are replaced, very large random values caused an integer overflow that could lead to a segmentation fault. All strongSwan versions since 4.2.10 may be affected.

More information is provided in a separate blog entry.

Also fixed is a related flaw that caused the daemon to accept and cache an infinite number of versions of a valid certificate by modifying the parameters in the signatureAlgorithm field of the outer X.509 Certificate structure.

Other Notable Features and Fixes

  • AUTH_LIFETIME notifies are now only sent by a responder if it can't reauthenticate the IKE_SA itself due to asymmetric authentication (i.e. EAP) or the use of virtual IPs.
  • Serial number generation in several pki sub-commands has been fixed so they don't start with an unintended zero byte.
  • Shared secrets, PEM files, vici messages, PF_KEY messages, swanctl configs and other data is properly wiped from memory.
  • Several corner cases with reauthentication have been fixed.

Download Complete Changelog