エラータID: AXBA:2018-3250:02

2018/07/11 Wednesday - 09:39
Asianux Server 7 for x86_64

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

This update fixes the following bugs:

* Prior to this update, the "ipsec newhostkey" command incorrectly tried self-test itself expecting a FIPS mode signature to be present. This is no longer required for the "newhostkey" and "rsasigkey" commands, and it caused generating a false positive FIPS error that prevented the commands from executing properly in FIPS mode. With this update, "newhostkey" and "rsasigkey" correctly do not look for a FIPS signature when executing in FIPS mode, and Libreswan is now able to generate new RSA keys in FIPS mode. (BZ#1573949)

* Previously, when multiple IPsec Security Associations (SAs) shared the same Internet Key Exchange (IKE) SA and rekey events took place, not all state was properly transferred to a new connection. That could lead to multiple IKE SAs, and certain devices returned the "INVALID_IKE_SPI" error message. The devices also deleted all their IKE SAs. With this update, all state is properly transferred to a new connection, and Libreswan no longer creates duplicate IKE SAs. (BZ#1574456)

* Prior to this update, the Libreswan suite ignored Dead Peer Detection (DPD) responses on idle connections. As a consequence, idle tunnels were accidentally restarted by the remote peer. Handling of liveness responses has been fixed, and idle tunnels are no longer accidentally restarted. (BZ#1574457)

Users of libreswan are advised to upgrade to these updated packages, which fix these bugs.


Update packages.




  1. libreswan-3.23-5.0.1.el7.AXS7.src.rpm
    MD5: 60de3c73ed44224854b9d90db926bd4b
    SHA-256: 6ed32970fab059b31e9cbc356f06eac943347df70fd987265896d499c010431c
    Size: 12.64 MB

Asianux Server 7 for x86_64
  1. libreswan-3.23-5.0.1.el7.AXS7.x86_64.rpm
    MD5: e4d1655ae0fe39369389cbaa5b2f65d1
    SHA-256: 53079dea700bace70e1aa565ec2db66d2c4f5c1fc531458f3530ba809035ff45
    Size: 1.32 MB