[strongSwan-dev] About Strongswan vuln CVE-2021-45079

Tobias Brunner tobias at strongswan.org
Tue Jan 25 16:37:03 CET 2022


Hi Totti,

> The issue is only at Strongswan client 
> side, right? Meaning that running server 5.9.4 is still safe?

That's correct.  Only the EAP client implementation is affected.

The patch does update the server part of the EAP implementation, 
however, that's only because it adds NOT_SUPPORTED as a valid return value 
for eap_method_t::get_msk(), which is used on both client and server.

Regards,
Tobias

