The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

Upstream patch:
https://download.strongswan.org/security/CVE-2017-11185/strongswan-4.4.0-5.5.3_gmp_mpz_export.patch

External References:
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html
Created strongswan tracking bugs for this issue:

Affects: epel-all [bug 1484010]
Affects: fedora-all [bug 1484009]
Statement: The version of the strongimcv package shipped with Red Hat Enterprise Linux 7 does not enable the gmp plugin and is therefore not affected by this flaw.