Fedora Account System
Red Hat Associate
Red Hat Customer
It was found that RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack. External References: https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html
Created strongswan tracking bugs for this issue: Affects: epel-all [bug 1457123] Affects: fedora-all [bug 1457124]
Statement: This issue did not affect the versions of strongimcv as shipped with Red Hat Enterprise Linux 7, as they did not include support for the gmp plugin.