Project

General

Profile

Actions

Todo #12934

closed

Update strongSwan

Added by Chris W 4 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
IPsec
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.05
Release Notes:
Default

Description

Currently StrongSwan 5.9.4 is packaged in 22.01/2.6, and contains this vulnerability which was fixed in version 5.9.5.
https://www.tenable.com/plugins/nessus/157235
https://github.com/strongswan/strongswan/releases/tag/5.9.5

Actions #1

Updated by Jim Pingle 4 months ago

  • Project changed from pfSense Docs to pfSense
  • Subject changed from Upgrade strongSwan to 5.9.5 or latest non-release candidate (CVE-2021-45079) to Update strongSwan
  • Category changed from VPN to IPsec
  • Target version set to 2.7.0
  • Plus Target Version set to 22.05
  • Release Notes set to Default

That vulnerability is not relevant to pfSense. It affects EAP clients, and pfSense can only act as an EAP server.

Still needs updated, but it is not a security issue.

Actions #2

Updated by Jim Pingle 3 months ago

  • Status changed from New to Feedback

The update is done in the ports tree. It's in CE snapshots now, will be in the next Plus snapshots shortly.

[2.7.0-DEVELOPMENT][root@pfSense.home.arpa]/root: pkg info -x swan
strongswan-5.9.5
Actions #3

Updated by Christopher Cope 3 months ago

Tested successfully on

22.05-DEVELOPMENT (amd64)
built on Wed Apr 06 16:45:59 UTC 2022
FreeBSD 12.3-STABLE

Output

[22.05-DEVELOPMENT][root@pfSense.home.arpa]/root: pkg info -x swan
strongswan-5.9.5

Actions #4

Updated by Jim Pingle 3 months ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF