[Pkg-swan-devel] Bug#1134897: strongswan: CVE-2026-35328 CVE-2026-35329 CVE-2026-35330 CVE-2026-35331 CVE-2026-35332 CVE-2026-35333 CVE-2026-35334

Salvatore Bonaccorso carnil at debian.org
Sat Apr 25 13:24:00 BST 2026


Source: strongswan
Version: 6.0.5-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 5.9.8-5
Control: fixed -1 5.9.8-5+deb12u4
Control: fixed -1 6.0.1-6+deb13u5

Hi,

The following vulnerabilities were published for strongswan.

CVE-2026-35328[0]:
| strongswan: libtls infinite loop


CVE-2026-35329[1]:
| strongswan: pkcs7 crash


CVE-2026-35330[2]:
| strongswan: libsimaka infinite loop


CVE-2026-35331[3]:
| strongswan: constraints plugin


CVE-2026-35332[4]:
| strongswan: libtls ECDH crash


CVE-2026-35333[5]:
| strongswan: libradius infinite loop


CVE-2026-35334[6]:
| strongswan: gmp plugin crash


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-35328
    https://www.cve.org/CVERecord?id=CVE-2026-35328
[1] https://security-tracker.debian.org/tracker/CVE-2026-35329
    https://www.cve.org/CVERecord?id=CVE-2026-35329
[2] https://security-tracker.debian.org/tracker/CVE-2026-35330
    https://www.cve.org/CVERecord?id=CVE-2026-35330
[3] https://security-tracker.debian.org/tracker/CVE-2026-35331
    https://www.cve.org/CVERecord?id=CVE-2026-35331
[4] https://security-tracker.debian.org/tracker/CVE-2026-35332
    https://www.cve.org/CVERecord?id=CVE-2026-35332
[5] https://security-tracker.debian.org/tracker/CVE-2026-35333
    https://www.cve.org/CVERecord?id=CVE-2026-35333
[6] https://security-tracker.debian.org/tracker/CVE-2026-35334
    https://www.cve.org/CVERecord?id=CVE-2026-35334
[7] https://github.com/strongswan/strongswan/releases/tag/6.0.6

Regards,
Salvatore


