[strongSwan] Security vulnerability

Andreas Steffen andreas.steffen at strongswan.org
Mon Jun 4 18:24:02 CEST 2012


Hello,

the reported vulnerability is in the gmp plugin of strongSwan versions
4.2.0 up to 4.6.3, not in the libgmp library used by the plugin.

Regards

Andreas

On 06/04/2012 05:34 PM, Yong Choo wrote:
>>If no load statement is given, the plugin configuration depends on
>>your ./configure options. If you didn't --disable-gmp explicitly, it is
>>built and used by default.
> 
> Does this apply even if we have a different version of gmp library
> (libgmp.so.3.4.1 in /usr/lib)?
> 
> On 6/4/2012 10:49 AM, Martin Willi wrote:
>> Hi Andreas,
>>
>>> If the plugin gmp is in strongswan.conf not enabled, is it in use or
>>> not?
>> If no load statement is given, the plugin configuration depends on
>> your ./configure options. If you didn't --disable-gmp explicitly, it is
>> built and used by default.
>>
>>> Is it possible to see all used plugins in strongswan?
>> "ipsec statusall" lists all loaded plugins of a running daemon.
>>
>> Regards
>> Martin

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==




More information about the Users mailing list