Blog

Release and vulnerability announcements for strongSwan

strongSwan 6.0.6 Released

We are happy to announce the release of strongSwan 6.0.6, which fixes seven vulnerabilities and comes with several other improvements and fixes.

release6.0.x

Seven Vulnerabilities Fixed

Thanks to improvements in AI-assisted security analysis, the following seven vulnerabilities were found and fixed. Please refer to the individual advisories for further details.

  • CVE-2026-35328 - A vulnerability in libtls related to the processing of the supported_versions extension in TLS was fixed that can result in an infinite loop. All strongSwan versions since 5.9.2 are affected.
  • CVE-2026-35329 - A vulnerability in libstrongswan and the pkcs7 plugin related to the processing of encrypted PKCS#7 containers was fixed that can result in a crash. All strongSwan versions since 5.0.2 are affected.
  • CVE-2026-35330 - A vulnerability in libsimaka related to the processing of certain EAP-SIM/AKA attributes was fixed that can result in an infinite loop or a heap-based buffer overflow and potentially remote code execution. All strongSwan versions since 4.3.6 are affected.
  • CVE-2026-35331 - A vulnerability in the constraints plugin related to the processing of X.509 name constraints was fixed that can allow authentication with certificates that violate the constraints. All strongSwan versions since 4.5.1 are affected.
  • CVE-2026-35332 - A vulnerability in libtls related to the processing of ECDH public values in TLS < 1.3 was fixed that can result in a crash. All strongSwan versions since 4.5.0 are affected.
  • CVE-2026-35333 - A vulnerability in libradius related to the processing of RADIUS attributes was fixed that can result in an infinite loop or an out-of-bounds read that may cause a crash. All strongSwan versions since 4.2.14 are affected.
  • CVE-2026-35334 - A vulnerability in the gmp plugin related to RSA decryption was fixed that can result in a crash. All strongSwan versions since 4.3.2 are affected.

Other Notable Features and Fixes

  • The Botan RNG types used/provided by the botan plugin are now configurable.
  • Please note the that the fix for the vulnerability in the constraints plugin now causes all certificates that contain excluded name constraints of type directoryName (DN) to get rejected.
  • Added the unique ID to the log messages when creating an IKE SA as responder and when deleting such a half-open SA.
  • Fixed a potential out-of-bounds read when parsing EAP-SIM/AKA attributes with actual length field. Also prevent an infinite loop on the client if the EAP-SIM version list contains more than one entry.
  • Fixed a potential out-of-bounds read when enumerating hashes in OCSP CERTREQ payloads.
  • Fixed a potential crash in the vici plugin when parsing messages that encode the length of a VICI_LIST_ITEM incorrectly.
  • Avoid allocating a large buffer for TLS cipher suites on the stack using alloca() (reported by COBALT). Whether this could be a potential problem depends on the stack size per thread, on typical systems it shouldn't be an issue.
  • Ensure TLS 1.3 CertificateRequest structures are valid on the client.
  • Update the address family in the SA selector when the addresses of a tunnel mode IPsec SA change in the kernel-netlink plugin.

Download Complete Changelog