Home / mailingsPDF  

[SECURITY] [DSA 6227-1] strongswan security update

Posted on 22 April 2026
Debian Security Advisory

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6227-1 security@debian.org
https://www.debian.org/security/ Yves-Alexis Perez
April 22, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : strongswan
CVE ID : CVE-2026-35328 CVE-2026-35329 CVE-2026-35330 CVE-2026-35331
CVE-2026-35332 CVE-2026-35333 CVE-2026-35334

Multiple vulnerabilities were fixed in strongSwan, an IKE/IPsec suite.

CVE-2026-35328

A vulnerability in libtls related to the processing of the
supported_versions extension in TLS that can result in an infinite
loop.

CVE-2026-35329

Vulnerabilities in libstrongswan and the pkcs7 plugin related to the
processing of encrypted PKCS#7 containers that can result in a crash.

CVE-2026-35330

A vulnerability in libsimaka related to the processing of certain
EAP-SIM/AKA attributes that can result in an infinite loop or a
heap-based buffer overflow and potentially remote code execution.

CVE-2026-35331

A vulnerability in the constraints plugin related to the processing of
X.509 name constraints that can allow authentication with certificates
that violate the constraints.

CVE-2026-35332

A vulnerability in libtls related to the processing of ECDH public
values in TLS < 1.3 that can result in a crash.

CVE-2026-35333

A vulnerability in libradius related to the processing of RADIUS
attributes that can result in an infinite loop or an out-of-bounds
read that may cause a crash.

CVE-2026-35334

A vulnerability in the gmp plugin related to RSA decryption that can
result in a crash.

For the oldstable distribution (bookworm), these problems have been fixed
in version 5.9.8-5+deb12u4.

For the stable distribution (trixie), these problems have been fixed in
version 6.0.1-6+deb13u5.

We recommend that you upgrade your strongswan packages.

For the detailed security status of strongswan please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/strongswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

 

TOP

Mailings :

Exploits :