Home / mailingsPDF  

[USN-8196-1] strongSwan vulnerabilities

Posted on 22 April 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8196-1
April 22, 2026

strongswan vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in strongSwan.

Software Description:
- strongswan: IPsec VPN solution

Details:

Haruto Kimura discovered that strongSwan incorrectly handled the
supported_versions extension in TLS. A remote attacker could possibly use
this issue to cause strongSwan to stop responding, resulting in a denial
of service. (CVE-2026-35328)

Haruto Kimura discovered that strongSwan incorrectly handled certain
encrypted PKCS#7 containers. A remote attacker could possibly use this
issue to cause strongSwan to crash, resulting in a denial of service.
(CVE-2026-35329)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled
certain EAP-SIM/AKA attributes. A remote attacker could use this issue to
cause strongSwan to stop responding, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-35330)

Haruto Kimura discovered that strongSwan incorrectly handled processing of
X.509 name constraints. A remote attacker could possibly use this issue to
bypass excluded name constraints. (CVE-2026-35331)

Haruto Kimura discovered that strongSwan incorrectly processed ECDH public
values. A remote attacker could possibly use this issue to cause strongSwan
to crash, resulting in a denial of service. (CVE-2026-35332)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled
certain RADIUS attributes. A remote attacker could possibly use this issue
to cause strongSwan to crash, resulting in a denial of service.
(CVE-2026-35333)

Ryo Shimada discovered that strongSwan incorrectly handled RSA decryption.
A remote attacker could possibly use this issue to cause strongSwan to
crash, resulting in a denial of service. (CVE-2026-35334)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libstrongswan 6.0.1-6ubuntu4.3
strongswan 6.0.1-6ubuntu4.3

Ubuntu 24.04 LTS
libstrongswan 5.9.13-2ubuntu4.24.04.3
strongswan 5.9.13-2ubuntu4.24.04.3

Ubuntu 22.04 LTS
libstrongswan 5.9.5-2ubuntu2.6
strongswan 5.9.5-2ubuntu2.6

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8196-1
CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331,
CVE-2026-35332, CVE-2026-35333, CVE-2026-35334

Package Information:
https://launchpad.net/ubuntu/+source/strongswan/6.0.1-6ubuntu4.3
https://launchpad.net/ubuntu/+source/strongswan/5.9.13-2ubuntu4.24.04.3
https://launchpad.net/ubuntu/+source/strongswan/5.9.5-2ubuntu2.6

--===============4010249253572285331==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :