libreswan-4.12-2.el9_4.1

エラータID: AXSA:2024-8485:05

Release date: 
Friday, June 28, 2024 - 13:28
Subject: 
libreswan-4.12-2.el9_4.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

Security Fix(es):

* libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

Solution: 

Update packages.

CVEs: 
CVE-2024-3652
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
Additional Info: 

N/A

Download: 

SRPMS
  1. libreswan-4.12-2.el9_4.1.src.rpm
    MD5: f3bd1a506f62b785b42b63f0989822e7
    SHA-256: 93c5e1a7bf3256e568972311849831f8b2d882331a4b121225380f9ef0b35dac
    Size: 12.54 MB

Asianux Server 9 for x86_64
  1. libreswan-4.12-2.el9_4.1.x86_64.rpm
    MD5: 8ce77ad3d65cb16cfe9fe0fb04b76f59
    SHA-256: 8bb877181c5ad3a320290f59fbfa342c289374c02c0f850e0ee2b298efda9f88
    Size: 1.36 MB