libreswan-3.29-7.el8

エラータID: AXSA:2020-374:02

Release date: 
Thursday, September 17, 2020 - 09:42
Subject: 
libreswan-3.29-7.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

Security Fix(es):

* libreswan: DoS attack via malicious IKEv1 informational exchange message (CVE-2020-1763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-1763
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2020-1763
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
Additional Info: 

N/A

Download: 

SRPMS
  1. libreswan-3.29-7.el8.src.rpm
    MD5: a290bc3c59aa3f64130e492b1680f419
    SHA-256: 1b1368679638706b57820aebdadb5c3625092733a1921c0a94fbedf47388c378
    Size: 12.69 MB

Asianux Server 8 for x86_64
  1. libreswan-3.29-7.el8.x86_64.rpm
    MD5: a589b9a1f7b716be7aeb7ce736bd713b
    SHA-256: aa80c0469e2ca21aa220f5081e01df7b1be1e63e15d8c44692ac117f35f3711d
    Size: 1.28 MB