The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of strongSwan: denial of service via rsa_pss_params_parse

Synthesis of the vulnerability 

An attacker can trigger a fatal error via rsa_pss_params_parse() of strongSwan, causing a denial of service.
Vulnerable products: openSUSE Leap, SLES.
Severity of this weakness: 2/4.
Creation date: 24/03/2020.
References of this bulletin: CVE-2018-6459, openSUSE-SU-2020:0403-1, SUSE-SU-2020:0743-1, VIGILANCE-VUL-31866.

Description of the vulnerability 

An attacker can trigger a fatal error via rsa_pss_params_parse() of strongSwan, causing a denial of service.

This threat announcement impacts software or systems such as openSUSE Leap, SLES.

Our Vigil@nce team determined that the severity of this cybersecurity alert is medium.

The trust level is "confirmed by the editor", with "document" as the origin.

An attacker with expert ability can exploit this security alert.

Solutions for this threat 

openSUSE Leap 15.1: new strongswan packages.
New packages are available:
  openSUSE Leap 15.1: strongswan 5.8.2-lp151.4.6.1

SUSE LE 15 SP1: new strongswan packages.
New packages are available:
  SUSE LE 15 SP1: strongswan 5.8.2-4.6.14
