エラータID: AXSA:2023-6143:08

Release date: 
Tuesday, June 27, 2023 - 07:52
Affected Channels: 
Asianux Server 8 for x86_64

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

Security Fix(es):

* libreswan: Regression of CVE-2023-30570 fixes in the MIRACLE LINUX (CVE-2023-2295)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.


Update packages.

Additional Info: 



  1. libreswan-4.9-3.el8.src.rpm
    MD5: 4b33824f97aa8f6a8574cd483c94ab5d
    SHA-256: bf12d7010e81c27120023ec2cb70d022e7c3cdfc1c71bab1f3502bde45cc8b5f
    Size: 12.54 MB

Asianux Server 8 for x86_64
  1. libreswan-4.9-3.el8.x86_64.rpm
    MD5: f315ae2d275999ea916d6e0b94c9474e
    SHA-256: 5892c5a08225f441d07bac3387f5a301f5af38a8a9b1a0a504a56a545bdd44b8
    Size: 1.37 MB