A strongswan security update has been released for Debian GNU/Linux 8 Extended LTS to address a bug in the EAP authentication client code that may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack.