openswan-2.6.32-4.2.0.1.AXS4

Errata ID: AXSA:2011-553:01

Release date: 
2011/12/28 Wednesday - 11:20
Title: 
openswan-2.6.32-4.2.0.1.AXS4
Affected channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Openswan is a free implementation of IPsec & IKE for Linux. IPsec (Internet Protocol Security) uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network, or VPN.
This package contains the daemons and userland tools for setting up Openswan. It supports the NETKEY/XFRM IPsec kernel stack that exists in the default Linux kernel.
Openswan 2.6.x also supports IKEv2 (RFC 4306).
CVE-2011-3380
Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.
Fixed bugs:
- Whether the hostname or the ipaddress parameter is configured, Openswan now correctly sets up policies with the correct protocol and port.
- Previously, very large security label strings coming from the peer were truncated, then used. This truncated string could sometimes correspond to a valid string, leading to incorrect policies. This has been fixed. It also fixes an incorrect handling of the IKE setup
- Openswan can now correctly set up SAs in AH mode.
- IPsec connections over a loopback interface did not work properly when a specific port was configured. This has been fixed.

Solution: 

Update packages.

Additional information: 

From Asianux Server 4 SP1.

Downloads: 

SRPMS
  1. openswan-2.6.32-4.2.0.1.AXS4.src.rpm
    MD5: 6578255d5a8f857f4c9943d6b2f6c5af
    SHA-256: 87deac1022a6cf53b14fe11d4ccb89ac85914f41213b02ac24d70caa08f8f4ca
    Size: 11.16 MB

Asianux Server 4 for x86
  1. openswan-2.6.32-4.2.0.1.AXS4.i686.rpm
    MD5: c90ec673626e5af8d243727f3f927810
    SHA-256: 95f0f22f78adcf7a7b291a4d54c0571648d6fb72e3206af1603292054430d958
    Size: 869.95 kB

Asianux Server 4 for x86_64
  1. openswan-2.6.32-4.2.0.1.AXS4.x86_64.rpm
    MD5: 3605728c3e2a01ee572a54bb712c91de
    SHA-256: 03c27759a0f7fdabc167199c873397c274eb01ce9b77fbd7481e2d33d3b873e7
    Size: 880.90 kB