{"id":"USN-8196-2","summary":"strongswan vulnerabilities","details":"USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the\ncorresponding update to Ubuntu 26.04 LTS.\n\nOriginal advisory details:\n\n Haruto Kimura discovered that strongSwan incorrectly handled the\n supported_versions extension in TLS. A remote attacker could possibly use\n this issue to cause strongSwan to stop responding, resulting in a denial\n of service. (CVE-2026-35328)\n\n Haruto Kimura discovered that strongSwan incorrectly handled certain\n encrypted PKCS#7 containers. A remote attacker could possibly use this\n issue to cause strongSwan to crash, resulting in a denial of service.\n (CVE-2026-35329)\n\n Lukas Johannes Moeller discovered that strongSwan incorrectly handled\n certain EAP-SIM/AKA attributes. A remote attacker could use this issue to\n cause strongSwan to stop responding, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2026-35330)\n\n Haruto Kimura discovered that strongSwan incorrectly handled processing of\n X.509 name constraints. A remote attacker could possibly use this issue to\n bypass excluded name constraints. (CVE-2026-35331)\n\n Haruto Kimura discovered that strongSwan incorrectly processed ECDH public\n values. A remote attacker could possibly use this issue to cause\n strongSwan to crash, resulting in a denial of service. (CVE-2026-35332)\n\n Lukas Johannes Moeller discovered that strongSwan incorrectly handled\n certain RADIUS attributes. A remote attacker could possibly use this issue\n to cause strongSwan to crash, resulting in a denial of service.\n (CVE-2026-35333)\n\n Ryo Shimada discovered that strongSwan incorrectly handled RSA decryption.\n A remote attacker could possibly use this issue to cause strongSwan to\n crash, resulting in a denial of service. (CVE-2026-35334)","modified":"2026-04-28T16:47:25.899481227Z","published":"2026-04-27T11:41:16Z","related":["UBUNTU-CVE-2026-35328","UBUNTU-CVE-2026-35329","UBUNTU-CVE-2026-35330","UBUNTU-CVE-2026-35331","UBUNTU-CVE-2026-35332","UBUNTU-CVE-2026-35333","UBUNTU-CVE-2026-35334"],"upstream":["CVE-2026-35328","CVE-2026-35329","CVE-2026-35330","CVE-2026-35331","CVE-2026-35332","CVE-2026-35333","CVE-2026-35334","UBUNTU-CVE-2026-35328","UBUNTU-CVE-2026-35329","UBUNTU-CVE-2026-35330","UBUNTU-CVE-2026-35331","UBUNTU-CVE-2026-35332","UBUNTU-CVE-2026-35333","UBUNTU-CVE-2026-35334"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8196-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-35328"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-35329"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-35330"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-35331"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-35332"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-35333"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-35334"}],"affected":[{"package":{"name":"strongswan","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/strongswan@6.0.4-1ubuntu3?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.4-1ubuntu3"}]}],"versions":["6.0.1-6ubuntu4","6.0.1-6ubuntu5","6.0.4-1ubuntu1","6.0.4-1ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"6.0.4-1ubuntu3","binary_name":"charon-cmd"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"charon-systemd"},{"binary_name":"libcharon-extauth-plugins","binary_version":"6.0.4-1ubuntu3"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"libcharon-extra-plugins"},{"binary_name":"libstrongswan","binary_version":"6.0.4-1ubuntu3"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"libstrongswan-extra-plugins"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"libstrongswan-standard-plugins"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"strongswan"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"strongswan-charon"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"strongswan-libcharon"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"strongswan-nm"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"strongswan-pki"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"strongswan-starter"},{"binary_version":"6.0.4-1ubuntu3","binary_name":"strongswan-swanctl"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8196-2.json","cves_map":{"ecosystem":"Ubuntu:26.04","cves":[{"id":"CVE-2026-35328","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-35329","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-35330","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-35331","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-35332","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-35333","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-35334","severity":[{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}