libreswan-3.15-5.0.1.el7.AXS7

エラータID: AXSA:2015-534:02

Release date: 
Thursday, November 5, 2015 - 10:35
Subject: 
libreswan-3.15-5.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services. These services allow you
to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Libreswan. To build KLIPS, see the kmod-libreswan.spec file.

Libreswan also supports IKEv2 (RFC4309) and Secure Labeling

Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04

Security issues fixed with this release:

CVE-2015-3240
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Enhancements:

* This update adds support for RFC 7383 IKEv2 Fragmentation, RFC 7619 Auth Null and ID Null, INVALID_KE renegotiation, CRL and OCSP support via NSS, AES_CTR and AES_GCM support for IKEv2, CAVS testing for FIPS compliance.
* This update also fixes several memory leaks and introduces a sub-second packet retransmit option.
* This update improves migration support from Openswan to Libreswan. Specifically, all Openswan options that can take a time value without a suffix are now supported, and several new keywords for use in the /etc/ipsec.conf file have been introduced. See the relevant man pages for details.
* With this update, loopback support via the "loopback=" option has been deprecated.
* This update also fixes several memory leaks and introduces a sub-second packet retransmit option.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libreswan-3.15-5.0.1.el7.AXS7.src.rpm
    MD5: 6a21e98f0fd7c5aabb0e96148f79963e
    SHA-256: 5bc5af1fa2ecd1a4fea6186f6c6a838022f9539a2008db081f3b97511dc1c583
    Size: 17.80 MB

Asianux Server 7 for x86_64
  1. libreswan-3.15-5.0.1.el7.AXS7.x86_64.rpm
    MD5: b12f583e0ea0e56162807c6109a502d3
    SHA-256: 13e677561a2e6ccf15ea6614f97068ce6b5c8017963f833187b22a1ecd67ec17
    Size: 1.24 MB