Private Internet Access is unaffected by strongSwan CVE-2017-11185 announced earlier today. CVE-2017-11185 affected all versions of strongSwan up to 5.5.3 if the gmp plugin was enabled. The issue was caused by the gmp plugin. Passing certain RSA signatures to the gmp plugin could cause null pointer dereferences, and lead to a denial of service attack. Remote code execution was not a possibility with this vulnerability. The gmp plugin vulnerability has been fixed in strongSwan 5.6.0.

Private Internet Access has been running strongSwan with the gmp plugin disabled and is thus unaffected by this vulnerability. We’re always committed to protecting your privacy and ensuring your security on the internet.



Sincerely,

The Private Internet Access Team