Описание
ELSA-2015-1154: libreswan security, bug fix and enhancement update (MODERATE)
[3.12-10.1.0.1]
- add libreswan-oracle.patch to detect Oracle Linux distro
[3.12-10.1]
- Resolves: rhbz#1226407 CVE-2015-3204 libreswan: crafted IKE packet causes daemon restart
[3.12-10]
- Resolves: rhbz#1213652 Support CAVS [updated another prf() free symkey, bogus fips mode fix]
[3.12-9]
- Resolves: rhbz#1213652 Support CAVS [updated to kill another copy of prf()]
- Resolves: rhbz#1208023 Libreswan with IPv6 [updated patch by Jaroslav Aster]
- Resolves: rhbz#1208022 libreswan ignores module blacklist [updated modprobe handling]
[3.12-8]
- Resolves: rhbz#1213652 Support CAVS testing of the PRF/PRF+ functions
[3.12-7]
- Resolves: rhbz#1208022 libreswan ignores module blacklist rules
- Resolves: rhbz#1208023 Libreswan with IPv6 in RHEL7 fails after reboot
- Resolves: rhbz#1211146 pluto crashes in fips mode
[3.12-6]
- Resolves: rhbz#1198650 SELinux context string size limit
- Resolves: rhbz#1198649 Add new option for BSI random requirement
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
libreswan
3.12-10.1.0.1.el7_1
Связанные CVE
Связанные уязвимости
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.
libreswan 3.9 through 3.12 allows remote attackers to cause a denial o ...
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.