A flaw was found in the strongSwan payload handling code. This flaw can be triggered by an IKEv1 or IKEv2 message that contains payloads that are only defined for the respective other IKE version. For instance, sending an IKEv1 Main Mode message containing a payload with type 41 (IKEv2 Notify) will crash the daemon or, potentially allow for remote code execution, when a short summary of the contents of the message is logged ("parsed ID_PROT request 0 [ ... ]").
Created attachment 1027039 [details]
This is public:
Created strongswan tracking bugs for this issue:
Affects: fedora-all [bug 1228819]
Affects: epel-6 [bug 1228820]
Affects: epel-7 [bug 1228821]
Closing as this doesn't affect RHEL.