このコンテンツは選択した言語では利用できません。
3.62. openswan
Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link associated with the description below.
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks.
Security Fix
- CVE-2013-6466
- A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped.
All openswan users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Updated openswan packages that fix one bug are now available for Red Hat Enterprise Linux 5.
Openswan is an implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks.
Bug Fix
- BZ#1070358
- Previously, Openswan supported a NAT-T negotiation method which used a notification number that was assigned by the Internet Assigned Numbers Authority (IANA) for another option. This incorrect option was therefore removed. As a consequence, clients supporting non-RFC versions of NAT-T could not establish an Openswan connection. With this update, Openswan has been modified to fully ignore that option, and clients can send both the incorrect option and the draft or the RFC option to connect to Openswan successfully.
Users of openswan are advised to upgrade to these updated packages, which fix this bug.
