Описание
ELSA-2023-6549: libreswan security update (MODERATE)
[4.12-1.0.1]
- Add libreswan-oracle.patch to detect Oracle Linux distro
[4.12-1]
- Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
- Resolves: rhbz#2215956
[4.9-5]
- Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including the code fix for CVE-2023-30570.
- Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
- Resolves: rhbz#2189777, rhbz#2190148
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
libreswan
4.12-1.0.1.el9
Oracle Linux x86_64
libreswan
4.12-1.0.1.el9
Связанные CVE
Связанные уязвимости
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.