strongSwan Vulnerability (CVE-2023-26463)
A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected.
A user publicly reported a bug related to certificate verification in TLS-based EAP methods that leads to an authentication bypass followed by an expired pointer dereference that results in a denial of service but possibly even remote code execution.
Fixed by 5.9.10 release: https://www.strongswan.org/blog/2023/03/02/strongswan-5.9.10-released.html
Created strongswan tracking bugs for this issue:
Affects: epel-all [bug 2176446]
Affects: fedora-all [bug 2176445]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.