libreswan-4.9-4.el9

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet
Protocol Security and uses strong cryptography to provide both authentication
and encryption services. These services allow you to build secure tunnels
through untrusted networks such as virtual private network (VPN).

Security Fix(es):

* libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise
Linux (CVE-2023-2295)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2023-2295
A vulnerability was found in the libreswan library. This security issue occurs
when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto
algorithms, and the response packet is not sent with a zero responder SPI. When
a subsequent packet is received where the sender reuses the libreswan responder
SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote
code execution is possible. This CVE exists because of a CVE-2023-30570 security
regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat
Enterprise Linux 9.2.