[USN-8196-2] strongSwan vulnerabilities

[noreply+usn-bot]

==========================================================================
Ubuntu Security Notice USN-8196-2
April 27, 2026

strongswan vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:


Summary:

Several security issues were fixed in strongSwan.

Software Description:

Details:

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the
corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

 Haruto Kimura discovered that strongSwan incorrectly handled the
 supported_versions extension in TLS. A remote attacker could possibly use
 this issue to cause strongSwan to stop responding, resulting in a denial
 of service. (CVE-2026-35328)

 Haruto Kimura discovered that strongSwan incorrectly handled certain
 encrypted PKCS#7 containers. A remote attacker could possibly use this
 issue to cause strongSwan to crash, resulting in a denial of service.
 (CVE-2026-35329)

 Lukas Johannes Moeller discovered that strongSwan incorrectly handled
 certain EAP-SIM/AKA attributes. A remote attacker could use this issue to
 cause strongSwan to stop responding, resulting in a denial of service, or
 possibly execute arbitrary code. (CVE-2026-35330)

 Haruto Kimura discovered that strongSwan incorrectly handled processing of
 X.509 name constraints. A remote attacker could possibly use this issue to
 bypass excluded name constraints. (CVE-2026-35331)

 Haruto Kimura discovered that strongSwan incorrectly processed ECDH public
 values. A remote attacker could possibly use this issue to cause
 strongSwan to crash, resulting in a denial of service. (CVE-2026-35332)

 Lukas Johannes Moeller discovered that strongSwan incorrectly handled
 certain RADIUS attributes. A remote attacker could possibly use this issue
 to cause strongSwan to crash, resulting in a denial of service.
 (CVE-2026-35333)

 Ryo Shimada discovered that strongSwan incorrectly handled RSA decryption.
 A remote attacker could possibly use this issue to cause strongSwan to
 crash, resulting in a denial of service. (CVE-2026-35334)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8196-2
  https://ubuntu.com/security/notices/USN-8196-1
  CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331,
  CVE-2026-35332, CVE-2026-35333, CVE-2026-35334

signature.asc
Description: OpenPGP digital signature