Blog

Release and vulnerability announcements for strongSwan

A vulnerability was discovered in strongSwan's eap-mschapv2 plugin, in the client-side processing of Failure Request packets, that can result in a heap-based buffer overflow and potentially remote code execution. All versions since 4.2.12 are affected.

We are happy to announce the release of strongSwan 6.0.3, which fixes a vulnerability in the eap-mschapv2 plugin, adds a new event to receive alerts via VICI, supports referencing on-device certificates in managed profiles of the Android app, and comes with several other new features and fixes.