Project

General

Profile

Actions

Todo #12934

closed

Update strongSwan

Added by Chris W almost 3 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Force Exclusion

Description

Currently StrongSwan 5.9.4 is packaged in 22.01/2.6, and contains this vulnerability which was fixed in version 5.9.5.
https://www.tenable.com/plugins/nessus/157235
https://github.com/strongswan/strongswan/releases/tag/5.9.5

Actions #1

Updated by Jim Pingle almost 3 years ago

  • Project changed from pfSense Docs to pfSense
  • Subject changed from Upgrade strongSwan to 5.9.5 or latest non-release candidate (CVE-2021-45079) to Update strongSwan
  • Category changed from VPN to IPsec
  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
  • Release Notes set to Default

That vulnerability is not relevant to pfSense. It affects EAP clients, and pfSense can only act as an EAP server.

Still needs updated, but it is not a security issue.

Actions #2

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Feedback

The update is done in the ports tree. It's in CE snapshots now, will be in the next Plus snapshots shortly.

[2.7.0-DEVELOPMENT][root@pfSense.home.arpa]/root: pkg info -x swan
strongswan-5.9.5
Actions #3

Updated by Christopher Cope over 2 years ago

Tested successfully on

22.05-DEVELOPMENT (amd64)
built on Wed Apr 06 16:45:59 UTC 2022
FreeBSD 12.3-STABLE

Output

[22.05-DEVELOPMENT][root@pfSense.home.arpa]/root: pkg info -x swan
strongswan-5.9.5

Actions #4

Updated by Jim Pingle over 2 years ago

  • Status changed from Feedback to Resolved
Actions #5

Updated by Jim Pingle over 1 year ago

  • Release Notes changed from Default to Force Exclusion
Actions

Also available in: Atom PDF