Home / mailingsPDF  

[USN-8196-2] strongSwan vulnerabilities

Posted on 27 April 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8196-2
April 27, 2026

strongswan vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:


Summary:

Several security issues were fixed in strongSwan.

Software Description:

Details:

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the
corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

Haruto Kimura discovered that strongSwan incorrectly handled the
supported_versions extension in TLS. A remote attacker could possibly use
this issue to cause strongSwan to stop responding, resulting in a denial
of service. (CVE-2026-35328)

Haruto Kimura discovered that strongSwan incorrectly handled certain
encrypted PKCS#7 containers. A remote attacker could possibly use this
issue to cause strongSwan to crash, resulting in a denial of service.
(CVE-2026-35329)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled
certain EAP-SIM/AKA attributes. A remote attacker could use this issue to
cause strongSwan to stop responding, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-35330)

Haruto Kimura discovered that strongSwan incorrectly handled processing of
X.509 name constraints. A remote attacker could possibly use this issue to
bypass excluded name constraints. (CVE-2026-35331)

Haruto Kimura discovered that strongSwan incorrectly processed ECDH public
values. A remote attacker could possibly use this issue to cause
strongSwan to crash, resulting in a denial of service. (CVE-2026-35332)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled
certain RADIUS attributes. A remote attacker could possibly use this issue
to cause strongSwan to crash, resulting in a denial of service.
(CVE-2026-35333)

Ryo Shimada discovered that strongSwan incorrectly handled RSA decryption.
A remote attacker could possibly use this issue to cause strongSwan to
crash, resulting in a denial of service. (CVE-2026-35334)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8196-2
https://ubuntu.com/security/notices/USN-8196-1
CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331,
CVE-2026-35332, CVE-2026-35333, CVE-2026-35334

--===============8354541778317403927==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :