libreswan-4.12-2.el9.ML.1

エラータID: AXSA:2024-8105:03

Release date: 
Monday, June 3, 2024 - 18:03
Subject: 
libreswan-4.12-2.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

Security Fix(es):

* libreswan: Missing PreSharedKey for connection can cause crash (CVE-2024-2357)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-2357
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libreswan-4.12-2.el9.ML.1.src.rpm
    MD5: 180a723d02cabeb5c76055edc9a2d9cf
    SHA-256: 7b5538c924e16c65cf5a99595f4d4bd0e64066168c08238a6429338df8cf97cf
    Size: 12.54 MB

Asianux Server 9 for x86_64
  1. libreswan-4.12-2.el9.ML.1.x86_64.rpm
    MD5: 836d317a399f47a05638cd903bba6fa1
    SHA-256: 04b5a35cfb8786631b9f8f216e21130a75e7c7125475da813e35349eefc8f1fa
    Size: 1.33 MB