14 DAY TRIAL // Canonical has published in a new security notice details about a strongSwan vulnerability that has been found and corrected in Ubuntu 15.04, Ubuntu 14.10, and Ubuntu 14.04 LTS operating systems.
This is not the first strongSwan exploit that has been closed in this development cycle, but it's not a major problem. In fact, this kind of updates arrive almost on a daily basis. strongSwan is an open source IPsec-based VPN solution and it looks like it could have been made to expose sensitive information over the network.
"NAlexander E. Patrakov discovered that strongSwan incorrectly handled certain IKEv2 setups. A malicious server could possibly use this issue to obtain user credentials," is noted in the security notice.
For a more detailed description of the problems, you can see Canonical's security notification. The problem can be corrected if you upgrade your system(s) to the latest strongswan-ike package. To apply the patch, you can simply run the Update Manager application, but you can also use the terminal if you don't like the provided GUI interface. Open a terminal and enter the following commands (you will need to be root):
sudo apt-get dist-upgrade